Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory handling bug in Apple operating systems causes an unexpected process crash when a user processes maliciously crafted web content, resulting in a denial‑of‑service for the affected device. The flaw does not provide privilege escalation or remote code execution; the effect is limited to availability loss.

Affected Systems

The vulnerability affects Apple iOS, iPadOS and macOS Tahoe. It has been fixed in iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2, and any releases thereafter.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV. The flaw can be triggered by loading malicious web content through a browser or any web‑enabled application, which is a likely attack vector. Because the impact is only an application crash and no control‑flow takeover is possible, the risk is moderate and primarily an availability threat for single devices, with exploitation being relatively straightforward in a user‑directed attack.

Generated by OpenCVE AI on June 29, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to iOS 26.5.2 or later
  • Upgrade to iPadOS 26.5.2 or later
  • Upgrade to macOS Tahoe 26.5.2 or later

Generated by OpenCVE AI on June 29, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-787
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Browser Content Handling Crash in iOS, iPadOS, and macOS
Weaknesses CWE-119

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:42:01.521Z

Reserved: 2026-05-01T22:46:21.643Z

Link: CVE-2026-43703

cve-icon Vulnrichment

Updated: 2026-06-29T21:41:49.276Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T21:30:03Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-125

    Out-of-bounds Read

  • CWE-787

    Out-of-bounds Write