CVE-2025-43532

Vulnerability

Overview

CVE-2025-43532 is a memory corruption vulnerability affecting multiple Apple operating systems. The root cause is a bounds checking deficiency that, when processing maliciously crafted data, can corrupt memory, leading to unexpected app termination [1]. Apple addressed the issue with improved bounds checks.

Exploitation

Prerequisites

Exploitation requires an attacker to deliver a malicious file or data to a user's device and have the user process it in a vulnerable application. No additional authentication is required beyond normal user interaction. The vulnerability is present in iOS, iPadOS, macOS, tvOS, visionOS, and watchOS [2][3][4].

Impact

Successful exploitation results in unexpected app termination (a denial-of-service condition). The description does not indicate code execution or privilege escalation; the primary impact is application stability and availability. The low CVSS score (2.8) reflects the limited impact and requirement for user interaction.

Mitigation

Apple has released patches across all affected platforms. Users should update to the following fixed versions: iOS 18.7.3 / iPadOS 18.7.3, iOS 26.2 / iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2 [1][2][3][4]. No workarounds have been published, making software updates the only recommended mitigation.