Description
A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A programming error caused a double free in memory management, which can be triggered by maliciously crafted web content. The flaw leads to an unexpected process crash rather than arbitrary code execution. The resulting loss of service can affect user experience and can potentially be leveraged to disrupt application availability. The vulnerability is a classic Use‑After‑Free condition and may be exploited by delivering crafted content through a web interface.

Affected Systems

Apple devices running iOS and iPadOS as well as macOS Tahoe are affected when they run versions older than 26.5.2. The fix is included in iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. All earlier releases remain vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity vulnerability, while the EPSS score is not available and the issue is not listed in the CISA KEV catalog. The flaw remains a crash‑based denial of service that can be triggered remotely through malicious web pages containing crafted content. Remote denial of service would result in the affected process terminating unexpectedly, potentially degrading the user experience and, if critical, causing broader application unavailability. No widespread exploitation has been documented yet, but the remote nature of the attack vector and the severity of the impact warrant proactive mitigation.

Generated by OpenCVE AI on June 29, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all affected Apple systems to iOS 26.5.2, iPadOS 26.5.2, or macOS Tahoe 26.5.2. If an update is not immediately available, avoid opening suspicious or untrusted web content and consider restricting web access if feasible.
  • Use Apple’s software update settings to automatically install future security patches.
  • Monitor system logs for unexpected crashes that could indicate exploitation attempts.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Double Free in Memory Management Causing Process Crash on iOS and macOS
Weaknesses CWE-416

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Double Free in Memory Management Causing Process Crash on iOS and macOS
Weaknesses CWE-416

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:44:46.748Z

Reserved: 2026-05-01T22:46:21.644Z

Link: CVE-2026-43706

Vulnrichment

Updated: 2026-06-29T21:44:40.827Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T00:00:06Z

Weaknesses