CVE-2025-43518

3.3 LOW

📋 TL;DR

This CVE describes a logic flaw in Apple's spellcheck API that could allow malicious applications to access files they shouldn't have permission to view. The vulnerability affects multiple Apple operating systems including iOS, iPadOS, macOS, and watchOS. Users running affected versions of these operating systems are potentially at risk.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
Versions: Versions prior to watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2, iPadOS 26.2, macOS Sequoia 15.7.3
Operating Systems: iOS, iPadOS, macOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable. The vulnerability is in the spellcheck API implementation.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious app could access sensitive files containing personal data, credentials, or system information through the spellcheck API, bypassing normal file access controls.

🟠 Likely Case

Malicious apps in the App Store or sideloaded apps could access documents, configuration files, or other user data they shouldn't have permission to read.

🟢 If Mitigated

With proper app sandboxing and security controls, the impact would be limited to files accessible within the app's normal permissions scope.

🌐 Internet-Facing: LOW - This requires a malicious app to be installed on the device, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Malicious apps could be installed through enterprise deployment, sideloading, or compromised developer certificates.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed on the target device. The app must be able to call the spellcheck API with specially crafted input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3

Vendor Advisory: https://support.apple.com/en-us/125884

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences.
2. Navigate to Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources like the official App Store and avoid sideloading or enterprise app deployments from untrusted sources.

Review app permissions

all

Regularly review and restrict app permissions, especially for apps that don't need file access to function properly.

🧯 If You Can't Patch

  • Implement strict app vetting and only allow installation of apps from trusted, verified sources
  • Use mobile device management (MDM) solutions to control app deployment and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check the operating system version in Settings > General > About on iOS/iPadOS or About This Mac on macOS

Check Version:

On macOS: sw_vers. On iOS/iPadOS: Check in Settings > General > About > Version

Verify Fix Applied:

Verify the installed version matches or exceeds the patched versions listed in the fix information
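The check below is an added example, not part of the advisory: it compares a macOS product version against the fixed releases listed above (Sonoma 14.8.3, Sequoia 15.7.3, Tahoe 26.2). It assumes the major number printed by `sw_vers -productVersion` identifies the branch (14 = Sonoma, 15 = Sequoia, 26 = Tahoe) and reports "unknown" for any other branch rather than guessing.

```shell
#!/bin/sh
# Added example: classify a macOS version as vulnerable/patched for CVE-2025-43518.
# Fixed versions taken from the advisory: Sonoma 14.8.3, Sequoia 15.7.3, Tahoe 26.2.
# Assumption: the major version number identifies the branch (14/15/26).

# version_lt A B -> returns 0 (true) if dotted version A is numerically below B.
# Missing trailing components are treated as 0, so 14.8 < 14.8.3.
version_lt() {
    a_rest=$1; b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a=${a_rest%%.*}; b=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest= ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest= ;; esac
        a=${a:-0}; b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 1
}

# cve_2025_43518_status VERSION -> prints "vulnerable", "patched" or "unknown"
cve_2025_43518_status() {
    v=$1
    case ${v%%.*} in
        14) fixed=14.8.3 ;;   # macOS Sonoma
        15) fixed=15.7.3 ;;   # macOS Sequoia
        26) fixed=26.2 ;;     # macOS Tahoe
        *)  echo unknown; return 0 ;;   # branch not covered by the advisory
    esac
    if version_lt "$v" "$fixed"; then echo vulnerable; else echo patched; fi
}

# When run on a Mac, report the local machine's status; elsewhere do nothing.
if command -v sw_vers >/dev/null 2>&1; then
    local_ver=$(sw_vers -productVersion)
    echo "macOS $local_ver: $(cve_2025_43518_status "$local_ver")"
fi
```

An "unknown" result means the branch is not named in the advisory, so check Apple's advisory rather than treating it as patched.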

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from applications, especially those using spellcheck functionality
  • Multiple failed file access attempts through system APIs

Network Indicators:

  • Not applicable - this is a local vulnerability

SIEM Query:

Not applicable for typical SIEM deployments as this is a local OS-level vulnerability
