CVE-2025-43226 – Apple ImageIO Out-of-Bounds Read Vulnerability Allowing Process Memory Disclosure

Vulnerability

Patched

A vulnerability in the ImageIO component of Apple software, including iOS, iPadOS, macOS, tvOS, and watchOS, allows for an out-of-bounds read that can lead to the disclosure of process memory. This issue was addressed with improved input validation. The vulnerability affects several different versions and ranges across the mentioned operating systems.

Impact

Exploitation of this vulnerability can result in the unauthorized disclosure of process memory, potentially allowing for the extraction of sensitive information.

Remediation

Users can update to the latest versions of watchOS, iOS, iPadOS, tvOS, and macOS to address this vulnerability. Specific update instructions can be found on the Apple Support website.

volerion

7.1

CVSS 4.0

7.1

High

volerion

6.5

CVSS 3.1

6.5

Medium

CISA-ADP

4.0

CVSS 3.1

4.0

Medium

Click a row to open the calculator.

References

https://support.apple.com/en-us/124147

AdvisoryBundleVendor

https://support.apple.com/en-us/124148

AdvisoryBundleVendor

https://support.apple.com/en-us/124149

AdvisoryBundleVendor

https://support.apple.com/en-us/124150

AdvisoryBundleVendor

Showing 1-4 of 7 references

Apple ImageIO Out-of-Bounds Read Vulnerability Allowing Process Memory Disclosure

Vulnerability

Impact

Remediation

Affected Products

Apple watchOS

Apple iPadOS

Apple tvOS

Apple macOS Sequoia

Apple macOS Sonoma

Apple visionOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating