CVE-2025-43374

// CVE-2025-43374 PoC - Apple Kernel OOB Read // Note: This is a conceptual PoC for demonstration purposes // Actual exploitation requires physical proximity to target device #include <stdio.h> #include <stdlib.h> /* * This vulnerability allows kernel memory out-of-bounds read * Attack vector: Physical proximity (AV:P) * No authentication required (PR:N) * No user interaction needed (UI:N) * * Prerequisites: * - Attacker must be in physical proximity to target device * - Target device must be running vulnerable Apple OS version * * This PoC demonstrates the concept of triggering OOB read * in kernel memory through improper bounds checking */ void trigger_oob_read_demo() { printf("[*] CVE-2025-43374 - Apple Kernel OOB Read PoC\n"); printf("[*] Target: Apple iOS/iPadOS/macOS kernel\n"); printf("[*] Attack Vector: Physical Proximity\n\n"); printf("[*] Attack Prerequisites:\n"); printf(" - Physical proximity to target device\n"); printf(" - Vulnerable kernel component\n"); printf(" - Specific trigger condition\n\n"); printf("[*] Exploitation Steps:\n"); printf(" 1. Establish proximity to target device\n"); printf(" 2. Send crafted input to trigger vulnerable code path\n"); printf(" 3. Kernel performs OOB read due to insufficient bounds checking\n"); printf(" 4. Read sensitive kernel memory data\n\n"); printf("[!] Note: Actual exploitation requires specialized tools and physical access\n"); printf("[!] This PoC is for educational purposes only\n"); } int main() { trigger_oob_read_demo(); return 0; }

{"cve": {"id": "CVE-2025-43374", "sourceIdentifier": "[email protected]", "published": "2025-11-21T22:16:19.863", "lastModified": "2026-04-02T19:20:35.593", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.7.7", "matchCriteriaId": "683ECAF8-DB29-40DB-963A-B95EA2A2AC01"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.0", "versionEndExcluding": "18.5", "matchCriteriaId": "069735D6-38B4-402A-9E79-1961701C9AD3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.5", "matchCriteriaId": "AF6AAC00-F384-4B0D-BBA9-C2AD278BF653"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.7.3", "matchCriteriaId": "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0", "versionEndExcluding": "14.7.3", "matchCriteriaId": "9C523C7E-B1CF-454B-8AFD-B462C5120D9E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.5", "matchCriteriaId": "C7416C76-07EC-4132-A509-E3F62B002CCA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.5", "matchCriteriaId": "047CDCCE-04BB-4D43-9831-7694992C5CC4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.5", "matchCriteriaId": "0CBDEF1C-6D76-4F9D-8433-3AC16F3860F4"}]}]}], "references": [{"url": "https://support.apple.com/en-us/122069", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/122070", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/122404", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/122405", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/122716", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/122720", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/122721", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/122722", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}