COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-43510

CVE-2025-43510

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-43510
⌖ exploited in the wild shame 45/100 exploited-in-wildsupply-chainunpatched

Apple's iOS/macOS family contains a known, actively exploited improper locking vulnerability that allows malicious apps to corrupt shared memory.

This improperly locked memory access vulnerability in Apple's operating systems is actively exploited in the wild and allows attackers to corrupt shared memory between processes, potentially leading to privilege escalation or data exfiltration. For DIB organizations, this represents a critical supply-chain risk where compromised devices could be leveraged for unauthorized access or ransomware delivery, necessitating immediate patching and strict device inventory controls.

Shame score — The vulnerability is actively exploited and affects a major vendor's core product line, but the vendor has disclosed it and it is not a zero-day.

Players implicated

apple · vendorMultiple Products · product

Description

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.