CVE-2025-43346
📋 TL;DR
An out-of-bounds memory access vulnerability in Apple media file processing allows attackers to cause application crashes or corrupt process memory by tricking users into opening malicious media files. This affects users running vulnerable versions of iOS, iPadOS, tvOS, watchOS, and visionOS who process untrusted media files.
💻 Affected Systems
- iOS
- iPadOS
- tvOS
- watchOS
- visionOS
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution leading to full device compromise if memory corruption can be weaponized into reliable exploitation.
Likely Case
Application crashes (denial of service) when processing malicious media files, potentially leading to data loss in unsaved work.
If Mitigated
No impact if patched versions are used or if users avoid processing untrusted media files.
🎯 Exploit Status
Exploitation requires user interaction to open malicious media files. Memory corruption vulnerabilities can be challenging to weaponize reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: tvOS 26, watchOS 26, iOS 26, iPadOS 26, visionOS 26, iOS 18.7, iPadOS 18.7
Vendor Advisory: https://support.apple.com/en-us/125108
Restart Required: No
Instructions:
1. Open Settings app. 2. Navigate to General > Software Update. 3. Download and install the latest available update. 4. For tvOS: Settings > System > Software Updates. 5. For watchOS: Use iPhone Watch app > General > Software Update.
🔧 Temporary Workarounds
Restrict media file sources
allOnly open media files from trusted sources and avoid downloading/opening media from unknown websites or untrusted messages.
🧯 If You Can't Patch
- Implement application allowlisting to restrict which apps can process media files
- Use network filtering to block access to untrusted media hosting sites
🔍 How to Verify
Check if Vulnerable:
Check device version in Settings > General > About > Software Version. If version is earlier than patched versions listed, device is vulnerable.Check Version:
Settings > General > About > Software Version (iOS/iPadOS/watchOS) or Settings > System > About > Software Version (tvOS/visionOS)Verify Fix Applied:
Verify Software Version matches or exceeds: iOS 26, iPadOS 26, tvOS 26, watchOS 26, visionOS 26, iOS 18.7, or iPadOS 18.7.📡 Detection & Monitoring
Log Indicators:
- Application crash logs related to media processing frameworks
- Unexpected process termination of media-related apps
Network Indicators:
- Downloads of media files from suspicious sources followed by application crashes
SIEM Query:
source="apple_device_logs" AND (event="app_crash" AND process_name IN ("Photos", "Safari", "Messages") AND error_message CONTAINS "memory" OR "bounds")🔗 References
- https://support.apple.com/en-us/125108
- https://support.apple.com/en-us/125109
- https://support.apple.com/en-us/125114
- https://support.apple.com/en-us/125115
- https://support.apple.com/en-us/125116
- http://seclists.org/fulldisclosure/2025/Sep/49
- http://seclists.org/fulldisclosure/2025/Sep/53
- http://seclists.org/fulldisclosure/2025/Sep/56
- http://seclists.org/fulldisclosure/2025/Sep/57
- http://seclists.org/fulldisclosure/2025/Sep/58
