Apple CoreText Out-of-Bounds Read Vulnerability Allowing Memory Corruption

Vulnerability

A vulnerability has been identified in the CoreText component of multiple Apple operating systems, including visionOS 26.1, macOS Sonoma 14.8.2, watchOS 26.1, iOS 26.1, iPadOS 26.1, and tvOS 26.1. The vulnerability arises from an out-of-bounds read issue that was addressed with improved input validation. However, processing a maliciously crafted media file could still lead to unexpected application termination or corruption of process memory.

Impact

Exploitation of this vulnerability can cause applications to terminate unexpectedly or result in corruption of process memory, potentially leading to further exploitation.

Added: Nov 4, 2025, 2:41 AM
Updated: Nov 4, 2025, 2:41 AM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.