CVE-2025-43282

A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	17.7.9 (excluding)
Ipados	Apple	18.0 (including)	18.6 (excluding)
Iphone_os	Apple	*	18.6 (excluding)
Macos	Apple	13.0 (including)	13.7.7 (excluding)
Macos	Apple	14.0 (including)	14.7.7 (excluding)
Macos	Apple	15.0 (including)	15.6 (excluding)
Tvos	Apple	*	18.6 (excluding)
Visionos	Apple	*	2.6 (excluding)
Watchos	Apple	*	11.6 (excluding)

Potential Mitigations

References

https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124148
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124150
https://support.apple.com/en-us/124151
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124154
https://support.apple.com/en-us/124155

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-43282
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References