CVE-2025-43533
BaseFortify
Publication date: 2025-12-17
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 26.2 (exc) |
| apple | iphone_os | to 26.2 (exc) |
| apple | macos | to 26.2 (exc) |
| apple | tvos | to 26.2 (exc) |
| apple | visionos | to 26.2 (exc) |
| apple | watchos | to 26.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple memory corruption issues that occur due to insufficient input validation. A malicious Human Interface Device (HID) can exploit these issues to cause an unexpected process crash on affected Apple operating systems.
How can this vulnerability impact me?
The vulnerability can lead to unexpected process crashes triggered by a malicious HID device, potentially causing denial of service or instability on affected Apple devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to watchOS 26.2, iOS 26.2, iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, or tvOS 26.2 as applicable. These updates include fixes for the memory corruption issues caused by malicious HID devices.