Out-of-Bounds Access Vulnerability in Apple Products
CVE-2025-43338

7.1HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-43338?

An out-of-bounds access vulnerability was identified in Apple products, specifically affecting macOS, iOS, and iPadOS. This issue arises when maliciously crafted media files are processed, leading to potential unexpected app terminations or memory corruption. Apple has implemented improved bounds checking in its latest versions, addressing this critical security flaw and enhancing overall system resilience.

Affected Version(s)

iOS and iPadOS < 26

macOS < 14.8

References

https://support.apple.com/en-us/125108

https://support.apple.com/en-us/125636

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON