Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Apple CoreGraphics Integer Overflow Vulnerability Leading to Arbitrary Code Execution

Vulnerability

A vulnerability exists in the CoreGraphics component of multiple Apple products, including iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. This vulnerability arises from an integer overflow that was introduced with JBIG2 image processing. It allows for arbitrary code execution when a maliciously crafted PDF is processed. Apple has acknowledged reports of active exploitation of this vulnerability.

Impact

Exploitation of this vulnerability can lead to arbitrary code execution on the affected device or system.

Reproduction

The vulnerability can be reproduced by processing a maliciously crafted PDF file using an application that relies on the vulnerable version of CoreGraphics. This can be done on any of the affected Apple operating systems.

Remediation

Users can update to the latest versions of iOS, iPadOS, macOS, and watchOS to address this vulnerability. The update is available through the Apple Update mechanism or via the Apple Security Updates website.

Added: May 15, 2026, 10:47 AM
Updated: May 15, 2026, 10:47 AM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 7.5
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 9.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.