A critical input validation vulnerability, identified as CVE-2025-43347, affects multiple Apple operating systems, including iOS, iPadOS, and macOS. With a CVSS score of 9.8, this flaw could allow a remote attacker to execute arbitrary code and gain full control of a vulnerable device without any user interaction. Successful exploitation could lead to a complete compromise of sensitive data and system integrity.

The vulnerability is an input validation issue. A core service within the affected operating systems fails to properly sanitize user-supplied or externally received data. An unauthenticated, remote attacker could exploit this by sending specially crafted input (such as a malicious network packet, message, or file) to a vulnerable device, triggering a memory corruption condition that leads to arbitrary code execution with system-level privileges.

This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant threat to the organization. Successful exploitation could result in a complete system compromise, allowing an attacker to steal sensitive corporate data, deploy ransomware, install persistent backdoors, or use the compromised device as a launchpad for further attacks on the internal network. The potential consequences include major data breaches, financial loss, reputational damage, and disruption of business operations, particularly in environments with a large fleet of Apple devices.

Immediate Action: Update all affected Apple devices to the latest secure versions as specified by the vendor: tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26, and iPadOS 26 or later. Prioritize patching for internet-facing and critical systems.

Proactive Monitoring: Implement enhanced monitoring on network traffic to and from Apple devices, looking for unusual patterns or connections. Review system and application logs for errors related to input processing, unexpected crashes, or the execution of unauthorized processes that could indicate an exploitation attempt.

Compensating Controls: If immediate patching is not feasible, consider network segmentation to isolate vulnerable devices from critical assets. Employ Mobile Device Management (MDM) policies to restrict functionality and limit the attack surface. Ensure Intrusion Prevention Systems (IPS) and web application firewalls (WAFs) are updated with signatures that may detect and block exploit attempts against this vulnerability.

Public Exploit Available: false

Due to the critical severity of this vulnerability, immediate action is required. We strongly recommend that all affected Apple devices within the organization be updated to the patched versions without delay. This vulnerability should be treated with the highest priority, similar to a CISA KEV-listed vulnerability, as the risk of exploitation is extremely high. A comprehensive patching campaign should be initiated immediately to mitigate the risk of a full device compromise.