VYPR
← All advisories
High severity7.5NVD Advisory· Published May 11, 2026· Updated May 13, 2026

CVE-2026-43668

CVE-2026-43668

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free vulnerability in Apple operating systems allows a remote attacker to cause system termination or kernel memory corruption.

A use-after-free memory corruption issue exists in multiple Apple operating systems, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability was addressed by improving memory management, as described in the CVE entry.

The attack vector is remote, meaning an attacker can trigger the vulnerability over a network without physical access or authentication. The exact component vulnerable has not been disclosed, but the issue can be exploited to corrupt kernel memory.

Successful exploitation could lead to unexpected system termination (denial of service) or kernel memory corruption, potentially allowing further compromise. The CVSS v3 score of 7.5 indicates high severity.

Apple has released patches in iOS 18.7.9, iOS 26.5, iPadOS 18.7.9, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. Users are advised to update their devices to mitigate this vulnerability.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

2