Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
References (4)
Core 4
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125636
Vendor Advisory
https://support.apple.com/en-us/125110
Scores
CVSS v3
7.1
EPSS
0.0002
EPSS Percentile
6.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (7)
Apple/iOS and iPadOS
< 26
apple/ipados
< 26.0
apple/iphone_os
< 26.0
apple/macos
< 14.8.2
Apple/macOS
< 14.8.2
Apple/macOS
< 14.8.4
Apple/macOS
< 26
Published
Nov 04, 2025
Tracked Since
Feb 18, 2026