VYPR
High severity · 7.3 · NVD Advisory · Published May 11, 2026 · Updated May 13, 2026

CVE-2026-43655

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read vulnerability in Apple software could allow a malicious app to cause unexpected system termination or read kernel memory, impacting multiple platforms.

An out-of-bounds read vulnerability in Apple's kernel has been addressed with improved bounds checking in the latest operating system updates. The fix is included in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. [1][2][3][4] The root cause is a missing bounds check that enables an out-of-bounds read, potentially allowing an attacker to access memory beyond the intended buffer.

Exploitation requires only that a malicious app be installed on an affected device; no additional privileges or network access are needed. The vulnerability can be triggered by the app's normal operation, making it a viable attack vector for arbitrary third-party applications. [1][2][3][4]

The impact is twofold: an app may cause unexpected system termination (denial of service) or read kernel memory. Reading kernel memory could lead to the disclosure of sensitive information, such as cryptographic keys or other data contained in the kernel address space. [1][2][3][4]

Apple has released patches for all affected operating systems: iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. Users are strongly advised to update their devices. The issue was discovered by Seiji Sakurai (@HeapSmasher), who is credited in the security advisories. [1][3][4]

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

4

News mentions

40