CVE-2025-43520
In short
A memory handling flaw in Apple operating systems could allow a malicious app to crash your device or overwrite critical system memory. This is a local attack that requires a malicious app to be installed on your device.
Technical detail
A buffer overflow or improper memory management vulnerability (CWE-120) in iOS, macOS, tvOS, visionOS, and watchOS allows a locally installed malicious application to cause denial of service through unexpected system termination or to achieve kernel memory corruption. Exploitation requires application execution privileges on the targeted device.
Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
https://support.apple.com/en-us/125632
https://support.apple.com/en-us/125633
https://support.apple.com/en-us/125634
https://support.apple.com/en-us/125635
https://support.apple.com/en-us/125636
https://support.apple.com/en-us/125637
https://support.apple.com/en-us/125638
https://support.apple.com/en-us/125639
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43520