Memory Corruption Vulnerability in Apple Products
CVE-2025-43277

7.8HIGH

Key Information:

Vendor: Apple
Status: Mac OS; TV OS; Visionos; Watch OS
Vendor: CVE Published:; 30 July 2025

What is CVE-2025-43277?

A vulnerability has been identified in Apple’s software products that enables an attacker to exploit improper memory handling when processing specially crafted audio files. Successful exploitation can lead to memory corruption, potentially allowing unauthorized access or manipulation of user data on affected devices. Apple has addressed this issue in recent updates to ensure better memory handling and mitigate risks associated with this type of attack.

Affected Version(s)

iOS and iPadOS < 18.6

macOS < 15.6

tvOS < 18.6

References

https://support.apple.com/en-us/124149

https://support.apple.com/en-us/124153

https://support.apple.com/en-us/124154

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2025