CVE-2025-43361 is a security vulnerability identified in Apple’s operating systems including iOS, iPadOS, tvOS, watchOS, macOS Sonoma, macOS Sequoia, and visionOS. The root cause is an out-of-bounds read condition due to inadequate bounds checking in kernel memory access routines. This flaw allows a maliciously crafted app to read kernel memory, potentially exposing sensitive data such as kernel pointers, credentials, or other protected information. The vulnerability affects multiple Apple platforms, indicating a shared codebase or similar kernel components vulnerable across these OSes. Apple has released patches in the latest OS versions (iOS 26, iPadOS 26, etc.) to fix this issue by improving bounds checking mechanisms. Exploitation requires the attacker to deliver and execute a malicious app on the target device, which implies user interaction and app installation permissions. There are no reports of active exploitation in the wild at the time of publication. The absence of a CVSS score necessitates an independent severity assessment based on the impact on confidentiality and the attack vector. Since kernel memory disclosure can lead to further privilege escalation or information leakage, the vulnerability is significant. The broad range of affected Apple platforms increases the scope of potential impact. The vulnerability does not appear to allow direct code execution or denial of service but compromises the confidentiality and integrity of kernel memory. This makes it a critical concern for environments relying on Apple devices for sensitive operations.

For European organizations, this vulnerability poses a risk primarily to confidentiality and potentially integrity of sensitive information stored or processed on Apple devices. Kernel memory disclosure can reveal critical system information, which attackers could leverage for privilege escalation or to bypass security controls. Organizations with mobile device management (MDM) policies that allow app installation from outside the Apple App Store or have users with elevated privileges are particularly vulnerable. The impact extends to sectors with high Apple device usage such as finance, healthcare, government, and technology. Data breaches resulting from kernel memory disclosure could lead to regulatory penalties under GDPR due to exposure of personal or sensitive data. Additionally, the vulnerability could undermine trust in device security, affecting business continuity and reputation. Since exploitation requires a malicious app, social engineering or supply chain attacks could be vectors. The broad platform coverage means that organizations using a mix of Apple devices must ensure comprehensive patching to avoid partial exposure. Failure to address this vulnerability could facilitate advanced persistent threats (APTs) targeting European enterprises leveraging Apple ecosystems.

1. Immediately update all Apple devices to the patched OS versions: iOS 26, iPadOS 26, tvOS 26, watchOS 26, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, and visionOS 26. 2. Enforce strict app installation policies restricting devices to only install apps from the official Apple App Store or trusted enterprise sources. 3. Utilize Mobile Device Management (MDM) solutions to monitor and control app installations and enforce security configurations. 4. Educate users on the risks of installing untrusted applications and phishing attempts that may lead to malicious app installation. 5. Implement runtime protections and kernel integrity monitoring where available to detect anomalous behavior indicative of exploitation attempts. 6. Regularly audit device compliance and patch status to ensure no vulnerable devices remain in the environment. 7. For high-security environments, consider additional endpoint detection and response (EDR) tools capable of detecting kernel-level anomalies. 8. Coordinate with Apple support and security advisories for any emerging exploit information or additional mitigations. 9. Review and update incident response plans to include scenarios involving kernel memory disclosure and malicious app infections. 10. Limit user privileges on devices to reduce the risk of unauthorized app installation and privilege escalation.