A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 10
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Apple Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
|
— |
18.7.2
|
|
Apple Ipados
cpe:2.3:o:apple:ipados:26.0:*:*:*:*:*:*:*
|
— | — |
|
Apple Iphone_Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
|
— |
18.7.2
|
|
Apple Iphone_Os
cpe:2.3:o:apple:iphone_os:26.0:*:*:*:*:*:*:*
|
— | — |
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
14.0
|
14.8.2
|
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
15.0
|
15.7.2
|
|
Apple Macos
cpe:2.3:o:apple:macos:26.0:*:*:*:*:*:*:*
|
— | — |
|
Apple Tvos
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
|
— |
26.1
|
|
Apple Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
|
— |
26.1
|
|
Apple Watchos
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
|
— |
26.1
|
References 8
https://support.apple.com/en-us/125632
product-security@apple.com
https://support.apple.com/en-us/125633
product-security@apple.com
https://support.apple.com/en-us/125634
product-security@apple.com
https://support.apple.com/en-us/125635
product-security@apple.com
https://support.apple.com/en-us/125636
product-security@apple.com
https://support.apple.com/en-us/125637
product-security@apple.com
https://support.apple.com/en-us/125638
product-security@apple.com
https://support.apple.com/en-us/125639
product-security@apple.com