CVE-2026-20616Out-of-bounds Write in Apple IOS AND Ipados

CWE-787Out-of-bounds Write8 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 80.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple MacosApple Visionos+2 more
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5apple/macos< 14.8.4+1
NVDapple/macos14.014.8.4+1
NVDapple/ipados< 18.7.5
CVEListV5apple/visionos< 26.3
NVDapple/visionos< 26.3

🔴Vulnerability Details

2
GHSA
GHSA-6xrf-46c8-4wmj: An out-of-bounds write issue was addressed with improved bounds checking2026-02-12
CVEList
CVE-2026-20616: An out-of-bounds write issue was addressed with improved bounds checking2026-02-11

📋Vendor Advisories

4
Apple
CVE-2026-20616: iOS 18.7.5 and iPadOS 18.7.52026-02-11
Apple
CVE-2026-20616: macOS Sonoma 14.8.42026-02-11
Apple
CVE-2026-20616: macOS Tahoe 26.32026-02-11
Apple
CVE-2026-20616: visionOS 26.32026-02-11

🕵️Threat Intelligence

1
Wiz
CVE-2026-20616 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-20616 — Out-of-bounds Write in Apple | cvebase