Detections
Analytics

macOS 26.x < 26.0.1 (125328)

medium Nessus Plugin ID 266075

Language:

Synopsis

The remote host is missing a macOS update that fixes a vulnerability

Description

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.0.1. It is, therefore, affected by a vulnerability:

 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory. (CVE-2025-43400)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 26.0.1 or later.

See Also

https://support.apple.com/en-us/125328

Plugin Details

Severity: Medium

ID: 266075

File Name: macos_125328.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 9/29/2025

Updated: 10/3/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2025-43400

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:26.0, cpe:/o:apple:macos:26.0

Exploit Ease: No known exploits are available

Patch Publication Date: 9/29/2025

Vulnerability Publication Date: 9/29/2025

Reference Information

CVE: CVE-2025-43400

APPLE-SA: 125328

IAVA: 2025-A-0710