CVE-2025-43520 - Apple Multiple Products Classic Buffer Overflow Vulnerability
Project: Apple
Product: Multiple Products
Date Added: 2026-03-20
Due Date: 2026-04-03
Vulnerability Name
Apple Multiple Products Classic Buffer Overflow Vulnerability
Description
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.apple.com/en-us/125632
https://support.apple.com/en-us/125633
https://support.apple.com/en-us/125634
https://support.apple.com/en-us/125635
https://support.apple.com/en-us/125636
https://support.apple.com/en-us/125637
https://support.apple.com/en-us/125638
https://support.apple.com/en-us/125639
https://nvd.nist.gov/vuln/detail/CVE-2025-43520
Related News Articles
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks (April 2, 2026)
CISA orders feds to patch DarkSword iOS flaws exploited attacks (March 23, 2026)
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 (March 21, 2026)