CVE-2025-43478: Use After Free
Published Nov 3, 2025
·Updated
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to cause unexpected system termination.
Credit
Mickey Jin@@patch1t, Gergely Kalman@@gergely_kalman, Joseph Ravichandran@@0xjprx(MIT CSAIL), Dave G. (supernetworks.org), JZ, Zhongcheng Li(IES Red Team of ByteDance), Michael Reeves@@IntegralPilot, Morris Richman@@morrisinlife, Csaba Fitzl@@theevilbit(Kandji), Hikerell (Loadshine Lab), 이동하 (Lee Dong Ha(BoB 14th), wac(Trend Micro Zero Day Initiative), an anonymous researcher, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), pattern-f@@pattern_F_, Ferdous Saljooki@@malwarezoo(Jamf), Murray Mike, 이동하 (Lee Dong Ha)(SSA Lab), Cristian Dinca (icmd.tech), Apple, Dave G.(supernetworks), Alex Radocea(supernetworks), Taavi Eomäe(Zone Media), Kirin@@Pwnrin, Atul R V, Asaf Cohen, CVE-2024-43398, CVE-2024-49761, CVE-2025-6442, Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Nikolai Skliarenko(Trend Micro Zero Day Initiative), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Wang Yu(Cyberserval), Ryan Dowd@@_rdowd, Nolan Astrein(Kandji), Duy Trần@@khanhduytran0, Adwiteeya Agrawal, Romain Lebesle(Khatima), Himanshu Bharti@@Xpl0itme(Khatima), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), BynarIO AI (bynar.io), Kirin@@Pwnrin(Microsoft), Ron Masas(BreakPoint), Pinak Oza, Wojciech Regula(SecuRing), Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Kenneth Chew, @@EthanArbuckle, iisBuri, Google Threat Analysis Group, Doug Hogan, KPC(Cisco Talos), @@RenwaX23, Zhongquan Li@@Guluisacat, Stanislav Jelezoglo, an anonymous researcher(Microsoft), Amy@@asentientbot, CVE-2025-32462, CVE-2025-53906, Aleksejs Popovs, Phil Beauvoir, Google Big Sleep, Gary Kwong, rheza@@ginggilBesel, Justin Cohen(Google), Nan Wang@@eternalsakura13, rheza@@ginggilBesel(Trend Micro Zero Day Initiative), shandikri(Trend Micro Zero Day Initiative), Gary Kwong(Trend Micro Zero Day Initiative), Tom Van Goethem, @@cloudlldb
Affected Software
5 affected componentsFixes available
Apple macOS Tahoe<26.1
26.1
Apple macOS Sequoia<15.7.2
15.7.2
Apple macOS Sonoma<14.8.2
14.8.2
Apple macOS>=14.0<14.8.2
Apple macOS>=15.0<15.7.2
Event History
Nov 3, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
WeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
Updated
via Apple·12:00 AM
Affected Software
Nov 4, 2025
CVE Published
via MITRE·01:15 AM
Data Sourced
via MITRE·01:15 AM
DescriptionWeakness
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43478?
CVE-2025-43478 has a high severity rating due to the potential for unexpected system termination.
2
How do I fix CVE-2025-43478?
CVE-2025-43478 can be fixed by updating to macOS Sonoma 14.8.2 or macOS Sequoia 15.7.2.
3
Which versions of macOS are affected by CVE-2025-43478?
CVE-2025-43478 affects macOS Tahoe versions below 26.1, macOS Sequoia below 15.7.2, and macOS Sonoma below 14.8.2.
4
What is the nature of the issue described in CVE-2025-43478?
CVE-2025-43478 is a use after free issue that involves improved memory management.
5
Can CVE-2025-43478 affect application performance?
Yes, CVE-2025-43478 can cause unexpected application crashes and system termination, affecting overall performance.