Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory handling flaw: when Safari or other Apple components process maliciously crafted web content, the affected process can crash unexpectedly, resulting in a denial-of-service condition. The weakness is improper memory resource handling, classified as CWE-119.

Affected Systems

Apple systems affected include iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS. The bug exists in versions prior to the fixes applied in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.

Risk and Exploitability

The CVSS score is 7.5, indicating high severity. The EPSS score is < 1%, suggesting a very low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The documented trigger is the delivery of malicious web content, which is the primary attack vector. No active exploitation has been reported as of the latest advisory.

Generated by OpenCVE AI on May 13, 2026 at 22:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5 or later to apply the memory-handling fix.
  • Limit or block the loading of untrusted web content by configuring device content‑security policies or disabling automatic redirects that may surface the flaw.
  • Continuously monitor Apple security advisories and apply any subsequent patches or mitigations promptly.



Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title
  Values Removed: Apple Web Memory Handling Flaw Causing Process Crash
  Values Added: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
Weaknesses CWE-120
References
Metrics
  Values Removed: threat_severity: None
  Values Added: threat_severity: Important


Wed, 13 May 2026 22:30:00 +0000

Type Values Removed Values Added
Title Apple Web Memory Handling Flaw Causing Process Crash

Wed, 13 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description
  Values Removed: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
  Values Added: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 12 May 2026 16:30:00 +0000

Type Values Removed Values Added
Title Malicious Web Content Crash Causes Denial of Service

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Malicious Web Content Crash Causes Denial of Service
Weaknesses CWE-119

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-13T19:58:47.846Z

Reserved: 2026-03-03T16:36:03.990Z

Link: CVE-2026-28953

Vulnrichment

Updated: 2026-05-12T13:15:18.914Z

NVD

Status: Modified

Published: 2026-05-11T21:18:56.367

Modified: 2026-05-13T21:16:43.987

Link: CVE-2026-28953

Redhat

Severity: Important

Public Date: 2026-06-02T00:00:00Z

Links: CVE-2026-28953 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T22:15:09Z

Weaknesses