VYPR
← All advisories
High severity7.5NVD Advisory· Published Dec 12, 2025· Updated Apr 2, 2026

CVE-2025-43494

CVE-2025-43494

Description

A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An attacker may be able to cause a persistent denial-of-service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A mail header parsing vulnerability in Apple operating systems could allow an attacker to cause a persistent denial-of-service, patched in recent updates.

Vulnerability

Details A mail header parsing issue in Apple operating systems could allow an attacker to cause a persistent denial-of-service. The problem was addressed with improved checks in the mail processing logic.

Exploitation

An attacker could exploit this vulnerability by sending a specially crafted email message to the target device. The attack likely requires no user interaction beyond receiving the email, and the attacker does not need any special network access other than being able to deliver the malicious email.

Impact

Successful exploitation results in a persistent denial-of-service condition, potentially rendering the device's mail functionality unusable until the malformed data is cleared or the device is restored.

Mitigation

Apple has released security updates for multiple operating systems, including iOS 26.1 [2], iPadOS 26.1 [2], macOS Tahoe 26.1 [1], macOS Sequoia 15.7.2 [3], macOS Sonoma 14.8.2 [4], and others. Users should update to the latest versions to protect against this vulnerability.

References
  1. About the security content of macOS Tahoe 26.1 - Apple Support
  2. About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support
  3. About the security content of macOS Sequoia 15.7.2 - Apple Support
  4. About the security content of macOS Sonoma 14.8.2 - Apple Support

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Apple Inc./Ipados2 versions
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <18.7.2
    • cpe:2.3:o:apple:ipados:26.0:*:*:*:*:*:*:*
  • Apple Inc./Iphone Os2 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <18.7.2
    • cpe:2.3:o:apple:iphone_os:26.0:*:*:*:*:*:*:*
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=14.0,<14.8.2
    • cpe:2.3:o:apple:macos:26.0:*:*:*:*:*:*:*
  • Apple Inc./Visionos
    cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
    Range: <26.1
  • Apple Inc./watchOS
    cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    Range: <26.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.