Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Published: 2026-05-11
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free bug in Safari’s memory handling can be triggered by specially crafted web content, causing an unexpected crash of the browser. The vulnerability is not reported to enable code execution or privilege escalation; the primary impact is a denial of service that disrupts normal browsing activity.

Affected Systems

All Apple operating systems running a version earlier than 26.5 are vulnerable. This includes iOS, iPadOS, macOS (Tahoe release), tvOS, visionOS, and watchOS. The fix is delivered in the 26.5 update for each platform.

Risk and Exploitability

Because the flaw merely causes a crash and no code execution has been demonstrated, the immediate risk to confidentiality or integrity is low. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, indicating a low likelihood of exploitation. The most probable attack vector is a malicious web page running inside Safari, which, when loaded, can trigger the use‑after‑free and crash the application.

Generated by OpenCVE AI on May 11, 2026 at 22:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates that contain the Safari fix (iOS 26.5, iPadOS 26.5, macOS 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5).
  • Avoid browsing untrusted or suspicious websites until the update is applied, to reduce exposure to crafted content.
  • Close and restart Safari after any crash to prevent repeated crashes, and update the browser as soon as the patch is available.

Advisories

No advisories yet.

History

Mon, 11 May 2026 22:45:00 +0000

Type: First Time appeared
Values Added: Apple, Apple ios And Ipados, Apple macos, Apple tvos, Apple visionos, Apple watchos

Type: Vendors & Products
Values Added: Apple, Apple ios And Ipados, Apple macos, Apple tvos, Apple visionos, Apple watchos

Mon, 11 May 2026 22:30:00 +0000

Type: Title
Values Added: Safari Crash via Use‑After‑Free Bug

Type: Weaknesses
Values Added: CWE-416

Mon, 11 May 2026 20:45:00 +0000

Type: Description
Values Added: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:07:42.339Z

Reserved: 2026-03-03T16:36:03.989Z

Link: CVE-2026-28942

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:18:55.427

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-28942

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T22:30:07Z

Weaknesses