CISA: Apple Products Memory Corruption Vulnerability Addressed
Summary
CISA has issued an advisory regarding a memory corruption vulnerability (CVE-2025-43520) affecting various Apple products. The vulnerability, which could allow a malicious application to cause system termination or write kernel memory, has been addressed by Apple through software updates.
What changed
CISA, through its ICS-CERT Advisories, has highlighted a critical memory corruption vulnerability, CVE-2025-43520, affecting multiple Apple operating systems including watchOS, iOS, iPadOS, macOS, and visionOS. The vulnerability, described as a buffer overflow, could be exploited by a malicious application to cause unexpected system termination or write to kernel memory. Apple has released updates to address this issue, with specific versions listed for each affected operating system.
Organizations and consumers using affected Apple devices should immediately update their software to the patched versions to mitigate the risk of exploitation. The vulnerability is listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation or a high likelihood thereof. Failure to update could expose devices to system instability or potential data compromise.
What to do next
- Update affected Apple devices to the fixed software versions (watchOS 26.1, iOS 18.7.2 and iOS 26.1, iPadOS 18.7.2 and iPadOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1).
- Verify that all relevant Apple devices within the organization's inventory have been patched.
- Monitor CISA advisories for further updates on exploited vulnerabilities.
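As an added example (not part of the advisory), a Python check that classifies a constructed device inventory against the fixed versions listed on this page. The branch rule is an assumption: a device is patched if it runs the fixed build of its own major release or a later major release, and a device on an older branch with no fix listed is reported as unknown for follow-up.

```python
"""Audit an Apple device inventory against the fixed versions for CVE-2025-43520."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Fixed versions per OS, keyed by major release branch, from the CVE record above.
FIXED: Dict[str, Dict[int, str]] = {
    "iOS":      {18: "18.7.2", 26: "26.1"},
    "iPadOS":   {18: "18.7.2", 26: "26.1"},
    "macOS":    {14: "14.8.2", 15: "15.7.2", 26: "26.1"},
    "watchOS":  {26: "26.1"},
    "tvOS":     {26: "26.1"},
    "visionOS": {26: "26.1"},
}


def parse_version(text: str) -> Version:
    """'18.7.2' -> (18, 7, 2); tuples compare component-wise, so 26.1.1 > 26.1."""
    return tuple(int(part) for part in text.strip().split("."))


def status(os_name: str, version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for a single device."""
    branches = FIXED.get(os_name)
    if branches is None:
        return "unknown"                      # OS not covered by this record
    parsed = parse_version(version)
    major = parsed[0]
    if major in branches:                     # same branch: compare to fixed build
        return "patched" if parsed >= parse_version(branches[major]) else "vulnerable"
    if major > max(branches):                 # assumption: later majors include the fix
        return "patched"
    return "unknown"                          # older branch, no fix listed here


def audit(inventory: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Bucket device ids by patch status, preserving inventory order."""
    report: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for device in inventory:
        report[status(device["os"], device["version"])].append(device["id"])
    return report


# Constructed sample inventory; ids and versions are not real devices.
SAMPLE_INVENTORY = [
    {"id": "iphone-01", "os": "iOS",     "version": "18.7.2"},
    {"id": "iphone-02", "os": "iOS",     "version": "18.7.1"},
    {"id": "iphone-03", "os": "iOS",     "version": "26.0"},
    {"id": "ipad-01",   "os": "iPadOS",  "version": "26.1"},
    {"id": "mac-01",    "os": "macOS",   "version": "15.7.1"},
    {"id": "mac-02",    "os": "macOS",   "version": "14.8.2"},
    {"id": "mac-03",    "os": "macOS",   "version": "13.7"},
    {"id": "watch-01",  "os": "watchOS", "version": "26.1.1"},
]

if __name__ == "__main__":
    for bucket, ids in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(ids) or '-'}")
```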
Source document (simplified)
Required CVE Record Information
CNA: Apple Inc.
Description
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
Product Status (eight entries; product names were not captured in the extraction; default status for each is unknown)
- affected before 14.8
- affected before 26.1
- affected before 26.1
- affected before 26.1
- affected before 26.1
- affected before 15.7
- affected before 26.1
- affected before 18.7
References 8 Total
- https://support.apple.com/en-us/125636
- https://support.apple.com/en-us/125637
- https://support.apple.com/en-us/125634
- https://support.apple.com/en-us/125638
- https://support.apple.com/en-us/125639
- https://support.apple.com/en-us/125635
- https://support.apple.com/en-us/125632
- https://support.apple.com/en-us/125633
Authorized Data Publishers
CISA-ADP (updated 2026-03-20): SSVC and KEV, plus CVSS and CWE if not provided by the CNA.
SSVC
| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| none | no | total | 2.0.3 | 2026-03-19 |
KEV
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43520 (2026-03-20)
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS
| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 5.5 | MEDIUM | 3.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |