← back
CVE-2025-43510

CVE-2025-43510

CVSS 7.8 HIGHEPSS 0.3%● KEVCWE-667
In short

A memory corruption flaw in Apple operating systems allows a malicious app to improperly access and modify data shared between different programs, potentially compromising system stability and security.

Technical detail

CWE-667 vulnerability exploited through improper lock state checking in inter-process shared memory. A local attacker with the ability to run a malicious application can trigger memory corruption and unauthorized modifications across process boundaries. Fixed through enhanced synchronization mechanisms across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS platforms.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOSApple · macOSApple · tvOSApple · visionOSApple · watchOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/https://support.apple.com/en-us/125632https://support.apple.com/en-us/125633https://support.apple.com/en-us/125634https://support.apple.com/en-us/125635https://support.apple.com/en-us/125636https://support.apple.com/en-us/125637https://support.apple.com/en-us/125638https://support.apple.com/en-us/125639https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43510