CVE-2025-46304

5.7 MEDIUM

📋 TL;DR

This vulnerability allows a malicious HID (Human Interface Device) like a keyboard or mouse to cause unexpected process crashes on affected Apple devices. It affects macOS, iOS, and iPadOS users who connect untrusted USB or Bluetooth input devices. The issue stems from insufficient bounds checking that can be exploited through specially crafted HID input.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: prior to macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations that accept HID input are vulnerable. No special configuration required for exploitation.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious HID device could cause critical system processes to crash, potentially leading to denial of service, data loss, or system instability requiring reboot.

🟠

Likely Case

Most probable impact is application or process crashes when using malicious or compromised input devices, disrupting user workflow but not enabling full system compromise.

🟢

If Mitigated

With proper controls, impact is limited to temporary application disruption that can be resolved by disconnecting the malicious device and restarting affected applications.

🌐 Internet-Facing: LOW - This vulnerability requires physical or local network access to connect a malicious HID device.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised internal devices could exploit this, but requires physical device connection or Bluetooth proximity.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical access to connect a malicious HID device or Bluetooth pairing capability. No authentication bypass needed once device is connected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, macOS Sonoma 14.8.4

Vendor Advisory: https://support.apple.com/en-us/126347

Restart Required: No

Instructions:

1. Open System Settings > General > Software Update.
2. Install available updates.
3. For iOS/iPadOS: Settings > General > Software Update.
4. Install the security update.

🔧 Temporary Workarounds

Restrict Untrusted HID Devices

Applies to: all

Prevent connection of unknown USB or Bluetooth input devices through system policies or physical controls.

Disable Bluetooth When Not Needed

Applies to: all

Turn off Bluetooth to prevent malicious devices from pairing wirelessly.

🧯 If You Can't Patch

  • Implement strict physical security controls for USB ports
  • Use Bluetooth device whitelisting and require approval for new pairings

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions. For macOS: About This Mac > macOS version. For iOS/iPadOS: Settings > General > About > Version.

Check Version:

macOS: sw_vers -productVersion
iOS/iPadOS: not available via command line; check Settings > General > About

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: macOS Sequoia 15.7.4+, iOS 18.7.5+, iPadOS 18.7.5+, or macOS Sonoma 14.8.4+.
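The version check above, written out as a shell script. This is an added example, not code from the advisory or from Apple: it reads the live version with the `sw_vers -productVersion` command the advisory names (or takes a version as an argument for testing off-box) and compares it, component by component, against the fixed releases listed for CVE-2025-46304 (Sonoma 14.8.4, Sequoia 15.7.4). Assumptions made here: any major release after 15 is treated as carrying the fix, and releases older than Sonoma are reported as "unsupported" because the advisory does not list a fixed build for them.

```shell
#!/bin/sh
# Added example, not part of the advisory: compare a macOS version string
# with the fixed versions the advisory lists for CVE-2025-46304
# (macOS Sonoma 14.8.4, macOS Sequoia 15.7.4).
# Assumption: any later major release (16 and up) is treated as fixed;
# releases older than Sonoma are reported as "unsupported" because the
# advisory does not list a fixed build for them.

# vercmp A B -> prints -1, 0 or 1 comparing dotted numeric versions.
# A missing component counts as 0, so "15.7" compares as 15.7.0.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) { print "-1"; exit }
            if (p > q) { print "1"; exit }
        }
        print "0"
    }'
}

# cve_2025_46304_status VERSION -> prints patched | vulnerable | unsupported
# and returns 0 only when the version is at or above the fixed release
# for its major branch.
cve_2025_46304_status() {
    v="$1"
    major="${v%%.*}"
    case "$major" in
        14) fixed="14.8.4" ;;
        15) fixed="15.7.4" ;;
        *)
            # Numeric test fails silently for an empty or non-numeric major.
            if [ "$major" -gt 15 ] 2>/dev/null; then
                echo patched
                return 0
            fi
            echo unsupported
            return 1
            ;;
    esac
    if [ "$(vercmp "$v" "$fixed")" -ge 0 ]; then
        echo patched
        return 0
    fi
    echo vulnerable
    return 1
}

# On a Mac, read the live version from sw_vers (the command the advisory
# names). Elsewhere the function can be called with an explicit version,
# e.g. `cve_2025_46304_status 15.7.3` prints "vulnerable".
if command -v sw_vers >/dev/null 2>&1; then
    live="$(sw_vers -productVersion)"
    printf 'macOS %s: %s for CVE-2025-46304\n' "$live" "$(cve_2025_46304_status "$live")"
fi
```

The comparison is numeric per component rather than a string compare, so 15.10.x correctly sorts above 15.9.x; a version with a missing patch component (for example 15.7) is treated as .0 and therefore reported as vulnerable.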

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in system logs
  • Console.app entries showing application termination
  • Kernel panic logs if system crashes

Network Indicators:

  • Bluetooth pairing attempts from unknown devices
  • USB device connection events

SIEM Query:

source="system.log" AND ("panic" OR "crash" OR "terminated") AND (process="WindowServer" OR process="loginwindow")
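The same detection logic applied to plain log text, as an added example that is not part of the advisory. The point it makes is the grouping: a line is flagged only when it carries a crash keyword AND its process field is WindowServer or loginwindow, so a Safari crash that merely mentions WindowServer in its message is not a hit. The process is taken from the fourth whitespace-separated column in a "name[pid]:" form; that column layout is an assumption about syslog-style output (for example from `log show --style syslog`), and the sample lines are constructed for this example rather than real macOS output.

```shell
#!/bin/sh
# Added example, not from the advisory: the SIEM query's logic expressed
# over syslog-style log lines. Assumed layout: date time host process[pid]: msg,
# so the process name is column 4 with "[pid]:" stripped. Adjust the field
# index if your log source differs. Sample lines are constructed.

# crash_hits: reads log lines on stdin, prints those whose process is
# WindowServer or loginwindow AND whose text has a crash keyword.
crash_hits() {
    awk '{
        proc = $4; sub(/\[.*$/, "", proc)
        if ((proc == "WindowServer" || proc == "loginwindow") &&
            tolower($0) ~ /panic|crash|terminated/)
            print
    }'
}

# hid_attach_events: lines recording a new USB HID attachment or a
# Bluetooth pairing request, the device-level indicators the advisory lists.
# The phrasing matched here follows the constructed sample, not Apple's.
hid_attach_events() {
    awk 'tolower($0) ~ /hid device attached|bluetooth pairing/'
}

# count_lines: number of lines on stdin, without the padding wc adds on macOS.
count_lines() {
    wc -l | tr -d ' '
}

# sample_log: constructed sample lines imitating the assumed layout.
sample_log() {
    cat <<'EOF'
2025-04-01 09:12:01.000000-0700 mac-01 WindowServer[311]: Process terminated unexpectedly (SIGSEGV)
2025-04-01 09:12:02.000000-0700 mac-01 loginwindow[123]: Application crashed after HID report
2025-04-01 09:12:03.000000-0700 mac-01 Safari[812]: WindowServer renderer crash in tab 4
2025-04-01 09:12:04.000000-0700 mac-01 WindowServer[311]: display configuration changed
2025-04-01 09:12:05.000000-0700 mac-01 kernel[0]: USB HID device attached: vendor 0x1234 product 0x0001
2025-04-01 09:12:06.000000-0700 mac-01 bluetoothd[200]: Bluetooth pairing request from unknown device
EOF
}

# Against the sample: lines 1 and 2 are crash hits (line 3 names
# WindowServer but the process is Safari; line 4 has no crash keyword),
# and lines 5 and 6 are device events.
sample_log | crash_hits
sample_log | hid_attach_events
```

On a Mac the functions can be fed live data with `log show --last 1h --style syslog | crash_hits`; if the column layout of your source differs from the assumed one, change `$4` in `crash_hits` accordingly.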
