CVE-2025-43224

Published: Jul 30, 2025Modified: Apr 2, 2026

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Visionos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 18.6
Apple Iphone Os	Before 18.6
Apple Macos	Before 15.6
Apple Tvos	Before 18.6
Apple Visionos	Before 2.6

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://support.apple.com/en-us/124147

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/124149

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/124153

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/124154

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2025/Jul/30

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/32

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/36

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/37

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.