Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-05-11
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from inadequate memory handling when rendering web content, which can lead to an unexpected process crash if malicious data is processed. These crashes disrupt normal operation and effectively deny service to the affected device or application.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are impacted. Versions before 26.5 are vulnerable; the flaw is resolved starting in iOS 26.5, iPadOS 26.5, macOS 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.

Risk and Exploitability

The flaw does not grant code execution or data exfiltration. The attack vector is inferred to be a web browser or any other component that processes web content, and it requires the target to load malicious data. No public exploitation has been reported, the EPSS score is below 1%, and the vulnerability is not listed in CISA KEV. The CVSS score of 6.5 indicates moderate severity, and the risk level is moderate because of the lack of exploitation evidence and the absence of a clear attack path beyond the need to render malicious content.

Generated by OpenCVE AI on May 13, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Apple software updates (iOS 26.5, iPadOS 26.5, macOS 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5) on all affected devices
  • After the update, reboot the device to ensure the new code is active
  • Enable automatic updates or periodically check Apple Support for future patches to safeguard against similar issues

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title
  Values Removed: Memory Handling Issue Causing Process Crashes in Apple Safari and Web-enabled Devices
  Values Added: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
Weaknesses CWE-120
References
Metrics threat_severity

None

threat_severity

Important


Thu, 14 May 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Wed, 13 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Memory Handling Issue Causing Process Crashes in Apple Safari and Web-enabled Devices

Wed, 13 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description
  Values Removed: The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
  Values Added: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Title Memory Handling Crash from Malicious Web Content Causes Service Disruption
References

Wed, 13 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Memory Handling Crash from Malicious Web Content Causes Service Disruption
Weaknesses CWE-120

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-120

Mon, 11 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-13T19:58:43.505Z

Reserved: 2026-03-03T16:36:03.983Z

Link: CVE-2026-28902

Vulnrichment

Updated: 2026-05-13T13:20:41.898Z

NVD

Status: Analyzed

Published: 2026-05-11T21:18:53.017

Modified: 2026-05-14T14:32:44.607

Link: CVE-2026-28902

Redhat

Severity: Important

Public Date: 2026-06-02T00:00:00Z

Links: CVE-2026-28902 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T21:30:04Z

Weaknesses