CVE-2025-46316 – An out-of-bounds read vulnerability in Apple Pa... (How to Fix)

Q: What is the severity of CVE-2025-46316?

CVE-2025-46316 has a CVSS score of 4.3 (MEDIUM). An out-of-bounds read vulnerability in Apple Pages document processing could allow an attacker to cause unexpected termination or disclose process memory. This affects users who open malicious Pages documents on vulnerable Apple devices. The vulnerability impacts iOS, iPadOS, macOS, and the Pages application itself.

📋 TL;DR

An out-of-bounds read vulnerability in Apple Pages document processing could allow an attacker to cause unexpected termination or disclose process memory. This affects users who open malicious Pages documents on vulnerable Apple devices. The vulnerability impacts iOS, iPadOS, macOS, and the Pages application itself.

💻 Affected Systems

Products:

iOS
iPadOS
macOS
Pages

Versions: Versions prior to iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, Pages 15.1

Operating Systems: iOS, iPadOS, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable when processing Pages documents.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Pages by Apple

View all CVEs affecting Pages →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory disclosure could expose sensitive information from the application's memory space, potentially including user data or system information.

🟠

Likely Case

Application crash or unexpected termination when processing a malicious document, leading to denial of service for the user.

🟢

If Mitigated

With proper patching, no impact as the vulnerability is fully addressed in updated versions.

🌐 Internet-Facing: LOW - Requires user interaction to open a malicious document, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Internal users could be targeted with malicious documents via email or file shares.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open a malicious Pages document. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, Pages 15.1

Vendor Advisory: https://support.apple.com/en-us/125632

Restart Required: Yes

Instructions:

1. Update iOS/iPadOS: Settings > General > Software Update. 2. Update macOS: System Settings > General > Software Update. 3. Update Pages: App Store > Updates tab. 4. Restart device after installation.

🔧 Temporary Workarounds

Disable automatic document opening

all

Configure system to not automatically open downloaded documents

Use alternative document viewers

all

Open Pages documents in alternative applications that are not vulnerable

🧯 If You Can't Patch

Restrict opening Pages documents from untrusted sources
Implement application whitelisting to control which applications can open documents

🔍 How to Verify

Check if Vulnerable:

Check current version against affected versions: iOS/iPadOS < 26.1, macOS < Tahoe 26.1, Pages < 15.1

Check Version:

iOS/iPadOS: Settings > General > About. macOS: About This Mac > System Report > Software. Pages: Open Pages > Pages menu > About Pages.

Verify Fix Applied:

Confirm version numbers: iOS/iPadOS ≥ 26.1, macOS ≥ Tahoe 26.1, Pages ≥ 15.1

📡 Detection & Monitoring

Log Indicators:

Application crash logs for Pages application
Unexpected termination events in system logs

Network Indicators:

Downloads of Pages documents from untrusted sources

SIEM Query:

source="system_logs" AND (process="Pages" AND event="crash") OR (process="Pages" AND event="terminated")

📊 Metadata

CVE ID: CVE-2025-46316

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE: CWE-125

EPSS Score: 0.04% exploit probability (10.3th percentile)

Published: January 28, 2026

Last Updated: January 30, 2026

🔗 References

https://support.apple.com/en-us/125632 Release Notes,Vendor Advisory
https://support.apple.com/en-us/125634 Release Notes,Vendor Advisory
https://support.apple.com/en-us/126255 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-46316, you might also want to check these: