CVE-2026-20637
Use-After-Free in Apple OSes Causes System Termination
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | tvos | to 26.3 (exc) |
| apple | visionos | to 26.3 (exc) |
| apple | watchos | to 26.3 (exc) |
| apple | ipados | From 26.0 (inc) to 26.3 (exc) |
| apple | iphone_os | From 26.0 (inc) to 26.3 (exc) |
| apple | macos | From 26.0 (inc) to 26.3 (exc) |
| apple | macos | From 14.0 (inc) to 14.8.5 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.5 (exc) |
| apple | ipados | to 18.7.7 (exc) |
| apple | iphone_os | to 18.7.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use after free issue that was addressed by improving memory management in various Apple operating systems. A use after free occurs when a program continues to use memory after it has been freed, which can lead to unexpected behavior.
In this case, the issue could allow an app to cause unexpected system termination, meaning the system could crash or stop working properly.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an app to cause unexpected system termination. This means your device or system could crash or become unstable, potentially leading to loss of data or interruption of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in specific versions of Apple operating systems including iOS 18.7.7 and 26.3, iPadOS 18.7.7 and 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, and watchOS 26.3.
To mitigate this vulnerability, you should immediately update your Apple devices to these fixed versions or later.