CVE-2025-43361 is a vulnerability classified under CWE-125 (Out-of-bounds Read) that affects multiple Apple operating systems including iOS, iPadOS, tvOS, watchOS, macOS Sonoma, macOS Sequoia, and visionOS. The root cause is an out-of-bounds read in the kernel memory space due to inadequate bounds checking, which allows a malicious application with limited privileges to read sensitive kernel memory. This can lead to leakage of confidential information, potential privilege escalation, or destabilization of the system. The vulnerability is exploitable locally by a malicious app without requiring user interaction, increasing the risk if such an app is installed on a device. Apple has fixed this issue by enhancing bounds checking in the kernel, releasing patches in the latest OS versions (iOS 26, iPadOS 26, etc.). The CVSS v3.1 base score is 7.8, reflecting high severity with attack vector local, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild so far, but the vulnerability poses a significant risk to the confidentiality and integrity of kernel memory on affected devices.

The vulnerability allows a malicious app to read kernel memory, which can expose sensitive information such as cryptographic keys, user data, or kernel data structures. This compromises confidentiality and may facilitate further attacks like privilege escalation or arbitrary code execution. Integrity and availability impacts are also rated high, as kernel memory corruption or leakage can destabilize the system or allow unauthorized modifications. For organizations, this means that compromised Apple devices could lead to data breaches, loss of trust, and potential lateral movement within networks. The local attack vector requires that the attacker first get a malicious app installed, which could happen via sideloading, enterprise provisioning, or App Store if bypassed. The broad range of affected Apple platforms increases the scope of impact, especially in environments heavily reliant on Apple hardware for mobile productivity, secure communications, or sensitive operations.

Organizations and users should immediately update all affected Apple devices to the latest OS versions where the vulnerability is patched (iOS 26, iPadOS 26, tvOS 26, watchOS 26, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26). Restrict installation of apps to trusted sources only, such as the official App Store, and enforce mobile device management (MDM) policies to prevent sideloading or unauthorized app installations. Employ runtime protections and monitoring to detect anomalous app behavior that attempts to access kernel memory. Regularly audit device configurations and app permissions to minimize the attack surface. For enterprise environments, consider network segmentation and endpoint detection solutions that can identify exploitation attempts. Finally, maintain user awareness about the risks of installing untrusted applications and the importance of timely updates.