{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20657", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.865Z", "datePublished": "2026-03-25T00:31:59.386Z", "dateUpdated": "2026-03-25T00:31:59.386Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Parsing a maliciously crafted file may lead to an unexpected app termination"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.7.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination."}], "references": [{"url": "https://support.apple.com/en-us/126793"}, {"url": "https://support.apple.com/en-us/126795"}, {"url": "https://support.apple.com/en-us/126796"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:31:59.386Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination."}], "id": "CVE-2026-20657", "lastModified": "2026-03-25T15:41:58.280", "metrics": {}, "published": "2026-03-25T01:17:04.847", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126793"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126795"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126796"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,18.7.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iOS and iPadOS", "source": "cna", "vendor": "Apple"}, "product": "ios_and_ipados", "vendor": "apple"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,14.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.7.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T05:50:25.194549+00:00", "value": {"mitigation_remediation": ["Apply the iOS 18.7.7 or iPadOS 18.7.7 update", "Apply the macOS Sequoia 15.7.5 or macOS Sonoma 14.8.5 update", "Verify the operating system reports the updated version", "Continue to monitor Apple for further advisories"], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Apple iOS, iPadOS, and macOS devices are affected when running versions earlier than iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, or macOS Sonoma 14.8.5. Any application that accepts a file on these platforms can be brought down by a specially crafted document or data stream.", "description_and_impact": "A flaw in Apple\u2019s operating systems causes an application to terminate unexpectedly when it parses a maliciously crafted file. The defect is limited to a crash and does not give an attacker direct control over the system or access to data.", "risk_and_exploitability": "The vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog and its EPSS score is unavailable. Apple has addressed the issue in the next major OS releases. Based on the description, the likely attack vector involves delivering a malformed file to a target application, which would trigger the crash. The impact is limited to loss of availability; there is no evidence of data exposure or code execution. Until the affected systems are updated, the risk persists but is constrained to causing service interruption."}}}}, "created": "2026-03-25T11:36:46.542898+00:00", "title": "Unexpected Application Crash via Malformed File Parsing on Apple Operating Systems", "updated": "2026-03-25T20:56:30.248675+00:00", "vendors": ["apple", "apple$PRODUCT$ios_and_ipados", "apple$PRODUCT$macos"], "weaknesses": ["CWE-119", "CWE-125"]}