CVE-2025-43510 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-12-12

Added to CISA KEV: 2026-03-20 98 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review installed applications, check system logs for suspicious activity, and verify system integrity
Update immediately to latest versions: iOS 18.7.2/26.1, iPadOS 18.7.2/26.1, macOS Sequoia 15.7.2/Sonoma 14.8.2/Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1
Review recently installed applications and remove any suspicious or untrusted software
Monitor for unusual application behavior or system performance issues
PATCH PRIORITY: HIGH for all affected consumer devices due to active exploitation

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-43510 is a high-severity memory corruption vulnerability affecting Apple operating systems, which has been identified as being actively exploited in the wild ^[2] ^[3].

Active Exploitation and Threat Actors

The vulnerability has been linked to the "DarkSword" exploit chain, which has been observed in active, targeted attacks ^[2] ^[3]. There is no public evidence linking this specific vulnerability to widespread ransomware campaigns; rather, it is associated with targeted exploitation efforts ^[3].

Attack Method and Requirements

Method: The flaw is caused by improper lock state checking, which leads to a race condition and subsequent memory corruption ^[1] ^[2].
Exploitation: It can be triggered by a malicious application to arbitrarily modify memory shared between processes ^[1].
Requirements: While the exact user interaction requirements can vary based on the full exploit chain, it typically requires the execution of a malicious application on the device ^[1].

Impact

Successful exploitation allows an attacker to achieve unauthorized code execution or other forms of privilege escalation on the affected device ^[1]. It is often used as a component in a larger exploit chain to gain deeper access after an initial compromise ^[3].

Affected Products and Mitigation

The vulnerability was addressed by Apple with improved lock state checking ^[5]. Users are strongly advised to update to the latest available software versions to mitigate this risk.

Affected Platforms	Fixed Version
iOS	18.7.2
iPadOS	18.7.2
watchOS	26.1

*Note: Additional versions, such as iOS/iPadOS 26.1, have also been noted in security databases as containing the fix ^[4].*

Sources

CVE-2025-43510 - Vulnerability Details - OpenCVE
The vulnerability is a memory corruption flaw that can be triggered by a malicious application to arbitrarily modify the contents of memory shared between processes. The flaw is caused by improper lock state checking, which allows a race condition that results in unintended writes. If exploited, an…
WebKit and Kernel Vulnerabilities and DarkSword Exploit | Threat Intel
CVE-2025-43510 (CVSS 7.8) is an improper locking vulnerability where a malicious application can cause unexpected changes in memory shared ...
Active Exploitation of Multiple Apple Vulnerabilities Linked to ...
Once initial access is obtained, attackers exploit CVE-2025-43510, a vulnerability caused by improper lock-state validation that enables ...
OS X update for Kernel (CVE-2025-43510) - Rapid7
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, ...
CVE-2025-43510 Detail - NVD
Description. A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, ... An official website of the United States government Here's how you know…

🟢 CVE-2025-43510