Apple Products Memory Corruption Vulnerability

CISA ICS-CERT Advisories
Published March 20th, 2026
Detected March 20th, 2026

Summary

CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include CVE-2025-43510, a memory corruption vulnerability affecting various Apple products. The vulnerability, which could allow a malicious application to cause unexpected memory changes, has been addressed by Apple in recent software updates.

What changed

CISA has added CVE-2025-43510 to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves a memory corruption issue in Apple products, including watchOS, iOS, iPadOS, macOS, and tvOS, which could be exploited by a malicious application to alter shared memory. Apple has released patches for affected versions, such as watchOS 26.1, iOS 18.7.2, macOS Sonoma 14.8.2, and others.

Organizations utilizing affected Apple devices should prioritize applying the latest software updates provided by Apple to mitigate the risk of exploitation. The inclusion in the KEV catalog suggests active exploitation or a high likelihood of exploitation, making timely patching critical for maintaining system security and preventing potential data breaches or system instability.

What to do next

  1. Apply Apple software updates to affected devices (watchOS, iOS, iPadOS, macOS, tvOS).
  2. Review CISA's KEV catalog for active exploitation risks.
  3. Ensure robust vulnerability management processes are in place for all endpoints.
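One way to act on step 1, as an added example that is not from CISA, Apple, or this page's source: a triage helper that compares an inventory against the fixed versions quoted in the CVE description on this page. The function names, the inventory rows, and the rule of comparing a device only against the fix for its own major release train are assumptions.

```python
# Fixed versions per (OS, major release train), copied from the
# CVE-2025-43510 description on this page.
FIXED = {
    ("watchOS", 26): (26, 1),
    ("iOS", 18): (18, 7, 2),
    ("iOS", 26): (26, 1),
    ("iPadOS", 18): (18, 7, 2),
    ("iPadOS", 26): (26, 1),
    ("macOS", 14): (14, 8, 2),   # Sonoma
    ("macOS", 15): (15, 7, 2),   # Sequoia
    ("macOS", 26): (26, 1),      # Tahoe
    ("visionOS", 26): (26, 1),
    ("tvOS", 26): (26, 1),
}

def parse_version(text):
    """'18.7.2' -> (18, 7, 2); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(version, width=3):
    """Right-pad with zeros so (26, 1) and (26, 1, 0) compare as equal."""
    return version + (0,) * (width - len(version))

def triage(os_name, version_text):
    """Return 'patched', 'needs_update', or 'not_listed'.

    Assumption: a device is compared only against the fix for its own
    major release train. Trains the page does not list are reported as
    'not_listed' instead of being guessed as safe or vulnerable.
    """
    version = parse_version(version_text)
    fixed = FIXED.get((os_name, version[0]))
    if fixed is None:
        return "not_listed"
    return "patched" if pad(version) >= pad(fixed) else "needs_update"

# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = [
    ("phone-01", "iOS", "18.7.1"),
    ("phone-02", "iOS", "26.1"),
    ("mac-01", "macOS", "15.7.2"),
    ("mac-02", "macOS", "26.0.1"),
    ("mac-03", "macOS", "13.7.8"),
]

def report(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(os_name, ver) for host, os_name, ver in inventory}
```

Devices reported as `not_listed` need a manual check against Apple's own security release notes, since this page gives no fixed version for their release train.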

Source document (simplified)

Required CVE Record Information

CNA: Apple Inc.

Description

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.

Product Status

| Default Status | Status | Versions (1 total) |
| --- | --- | --- |
| unknown | affected | before 14.8 |
| unknown | affected | before 26.1 |
| unknown | affected | before 26.1 |
| unknown | affected | before 26.1 |
| unknown | affected | before 26.1 |
| unknown | affected | before 15.7 |
| unknown | affected | before 26.1 |
| unknown | affected | before 18.7 |

References 8 Total

Authorized Data Publishers

CISA-ADP

Updated: 2026-03-20

SSVC and KEV, plus CVSS and CWE if not provided by the CNA.

SSVC 1 Total

| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| none | no | total | 2.0.3 | 2026-03-19 |

KEV 1 Total

- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43510 (2026-03-20)

CWE 1 Total

- CWE-667: Improper Locking

CVSS 1 Total

| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 7.8 | HIGH | 3.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

- Agency: CISA
- Published: March 20th, 2026
- Instrument: Notice
- Legal weight: Non-binding
- Stage: Final
- Change scope: Substantive
- Document ID: CVE-2025-43510

Who this affects

- Applies to: Consumers, Technology companies
- Industry sector: 5112 Software & Technology, 3345 Medical Device Manufacturing
- Activity scope: Vulnerability Management, Endpoint Security
- Geographic scope: United States (US)

Taxonomy

- Primary area: Cybersecurity
- Operational domain: IT Security
- Compliance frameworks: NIST CSF
- Topics: Product Security, Vulnerability Management
