Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an out‑of‑bounds access that can be triggered by maliciously crafted web content, resulting in an unexpected crash of the browser or system process. The flaw does not provide a path to execute arbitrary code, but it can interrupt services and cause denial of service for users interacting with affected web pages.

Affected Systems

Apple Safari, iOS, iPadOS and macOS (Tahoe). Versions prior to Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2 are vulnerable; the issue is fixed in those releases.

Risk and Exploitability

The exploit requires an attacker to serve or embed malicious content that is processed by the affected product, a remote attack vector but requiring no elevated privileges. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Absent a CVSS score, the impact is limited to process crashes, yet the potential for widespread disruption depends on the scale of affected devices.

Generated by OpenCVE AI on June 29, 2026 at 21:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Safari update (26.5.2 or later) via the Mac App Store or Software Update.
  • Update iOS and iPadOS devices to version 26.5.2 or later using Settings > General > Software Update.
  • Upgrade macOS Tahoe to version 26.5.2 or later through the Mac App Store or Software Update.

Generated by OpenCVE AI on June 29, 2026 at 21:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-787
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Access Leading to Crash in Safari and Apple Mobile/Desktop Platforms
Weaknesses CWE-119

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:42:44.888Z

Reserved: 2026-03-03T16:36:03.993Z

Link: CVE-2026-28979

cve-icon Vulnrichment

Updated: 2026-06-29T21:42:41.306Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T21:30:03Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-125

    Out-of-bounds Read

  • CWE-787

    Out-of-bounds Write