Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper memory handling flaw in Safari, iOS, iPadOS, and macOS. When maliciously crafted web content is processed, the application can crash unexpectedly. The crash leads to a denial‑of‑service condition because the affected process stops functioning, potentially disrupting user workflows during browsing sessions.

Affected Systems

Apple Safari, iOS, iPadOS, and macOS are impacted. The flaw has been fixed as of Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Earlier releases of these products are vulnerable.

Risk and Exploitability

The impact is limited to a process crash, which can be leveraged by an attacker to cause a denial of service on the client device. The exploit requires delivering malicious web content, most likely via a remote attacker controlling a website or compromised network element. EPSS data is not available, so exploitation probability cannot be quantitatively assessed, and the issue is not included in the CISA KEV catalog.

Generated by OpenCVE AI on June 29, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Safari to version 26.5.2 or later
  • Upgrade iOS to version 26.5.2 or later
  • Upgrade iPadOS to version 26.5.2 or later
  • Upgrade macOS Tahoe to version 26.5.2 or later

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-416 |
| Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 29 Jun 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Safari, iOS, iPadOS, and macOS Crash from Malicious Web Content Due to Improper Memory Handling |
| Weaknesses | | CWE-119, CWE-787 |

Mon, 29 Jun 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:46:17.113Z

Reserved: 2026-04-07T19:58:20.173Z

Link: CVE-2026-39872

Vulnrichment

Updated: 2026-06-29T21:46:13.180Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T21:30:03Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-416

    Use After Free

  • CWE-787

    Out-of-bounds Write