Exposures › CVE-2025-43510
Apple's iOS/macOS family contains a known, actively exploited improper locking vulnerability that allows malicious apps to corrupt shared memory.
This improperly locked memory access vulnerability in Apple's operating systems is actively exploited in the wild and allows attackers to corrupt shared memory between processes, potentially leading to privilege escalation or data exfiltration. For DIB organizations, this represents a critical supply-chain risk where compromised devices could be leveraged for unauthorized access or ransomware delivery, necessitating immediate patching and strict device inventory controls.
Shame score — The vulnerability is actively exploited and affects a major vendor's core product line, but the vendor has disclosed it and it is not a zero-day.
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
No correlated FedRAMP products.