CVE-2025-43372 is a vulnerability identified in Apple’s iOS, iPadOS, and related operating systems, including tvOS, watchOS, macOS Sonoma, and visionOS. The vulnerability arises from improper input validation when processing media files, specifically those that are maliciously crafted. When a vulnerable device processes such a file, it may lead to unexpected application termination or corruption of process memory. This behavior can cause denial of service (DoS) conditions by crashing apps or destabilizing processes, potentially impacting device availability. The vulnerability is classified under CWE-20, which relates to improper input validation. Exploitation requires no privileges and no prior authentication but does require user interaction, such as opening or previewing a malicious media file. The CVSS v3.1 base score is 6.5, indicating medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and high availability impact (A:H). Apple fixed this issue in the latest OS releases: tvOS 26, watchOS 26, iOS 26, iPadOS 26, macOS Sonoma 14.8.2, and visionOS 26 by improving input validation mechanisms. No known exploits have been reported in the wild as of the publication date. The vulnerability primarily threatens device stability and availability rather than data confidentiality or integrity.

For European organizations, this vulnerability poses a risk of service disruption on Apple mobile devices and related platforms if malicious media files are processed. This can affect business continuity, especially in sectors relying heavily on iOS and iPadOS devices for communication, operations, or customer interaction. The denial of service caused by app crashes or memory corruption could interrupt critical workflows, degrade user experience, and potentially lead to increased support costs. While the vulnerability does not allow data theft or modification, the availability impact can be significant in environments where uptime and device reliability are crucial. Additionally, targeted attacks exploiting this vulnerability could be used as part of broader campaigns to disrupt organizational operations or distract security teams. The requirement for user interaction means phishing or social engineering could be vectors for exploitation, increasing the risk in sectors with less security awareness or training.

European organizations should prioritize updating all Apple devices to the patched OS versions (iOS 26, iPadOS 26, macOS Sonoma 14.8.2, etc.) as soon as possible to remediate this vulnerability. Implement strict mobile device management (MDM) policies to control app permissions and restrict the opening of media files from untrusted or unknown sources. Educate users about the risks of opening unsolicited media files and implement phishing awareness training to reduce the likelihood of social engineering attacks. Employ network-level protections such as email and web filtering to block or quarantine suspicious media files before they reach end users. Consider deploying endpoint protection solutions capable of detecting anomalous app crashes or memory corruption events. For critical environments, restrict the use of media file preview features or sandbox applications that handle media processing to limit the impact of potential exploitation. Regularly audit device compliance and patch status to ensure timely remediation.