CVE-2025-43482
published 2025-12-12CVE-2025-43482: The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able…
PriorityP277medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.19%
8.6th percentile
The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 14.8.3 | 14.8.3 |
| apple | macos | < 15.7.3 | 15.7.3 |
| apple | macos | < 26.2 | 26.2 |
| apple | macos | >= 14.0 < 14.8.3 | 14.8.3 |
| apple | macos | >= 15.0 < 15.7.3 | 15.7.3 |
| apple | macos_sequoia | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_tahoe | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in the Audio component of macOS; monitor for apps triggering abnormal Audio subsystem behavior or crashes (denial-of-service) on unpatched macOS versions prior to Sequoia 15.7.3, Sonoma 14.8.3, or Tahoe 26.2. ↗
- →Root cause is insufficient input validation in the macOS Audio component; look for malformed or unexpected audio input being passed to the Audio subsystem by untrusted applications. ↗
- ·No public exploit code, hashes, network indicators, or file-level IOCs are disclosed in any source. Detection is limited to behavioral/version-based signals. ↗
- ·Affected component is 'Audio' across three macOS release trains (Sequoia, Sonoma, Tahoe); ensure patch applicability is checked per OS version in your fleet. ↗
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vulncheck5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2025-43482: macOS Tahoe 26.2
vendor_apple·2025-12-12·CVSS 5.5
CVE-2025-43482 [MEDIUM] CVE-2025-43482: macOS Tahoe 26.2
Apple Security Update: About the security content of macOS Tahoe 26.2
Product: macOS Tahoe
Version: 26.2
CVE: CVE-2025-43482
Component: Audio
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved input validation.
Apple
CVE-2025-43482: macOS Sequoia 15.7.3
vendor_apple·2025-12-12·CVSS 5.5
CVE-2025-43482 [MEDIUM] CVE-2025-43482: macOS Sequoia 15.7.3
Apple Security Update: About the security content of macOS Sequoia 15.7.3
Product: macOS Sequoia
Version: 15.7.3
CVE: CVE-2025-43482
Component: Audio
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved input validation.
Apple
CVE-2025-43482: macOS Sonoma 14.8.3
vendor_apple·2025-12-12·CVSS 5.5
CVE-2025-43482 [MEDIUM] CVE-2025-43482: macOS Sonoma 14.8.3
Apple Security Update: About the security content of macOS Sonoma 14.8.3
Product: macOS Sonoma
Version: 14.8.3
CVE: CVE-2025-43482
Component: Audio
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved input validation.
GHSA
GHSA-c6hq-r2mm-58p4: The issue was addressed with improved input validation
ghsa_unreviewed·2025-12-12
CVE-2025-43482 [MEDIUM] CWE-20 GHSA-c6hq-r2mm-58p4: The issue was addressed with improved input validation
The issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to cause a denial-of-service.
VulnCheck
Apple macos Improper Input Validation
vulncheck·2025·CVSS 5.5
CVE-2025-43482 [MEDIUM] Apple macos Improper Input Validation
Apple macos Improper Input Validation
The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service.
Affected: Apple macos
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://media.jamf.com/documents/white-papers/security-360-mac-2026.pdf
No detection rules found.
No public exploits indexed.
2025-12-12
Published
Exploited in the wild