Description
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory corruption flaw in Safari, iOS, iPadOS, and macOS can be triggered by malicious web content, resulting in a process crash that disrupts browsing and other web‑dependent functions. The vulnerability stems from improper memory handling when parsing crafted pages, leading to an unexpected termination of the renderer. The primary consequence is denial of service for users who load the affected content.

Affected Systems

Apple Safari, iOS, iPadOS, and macOS Tahoe are vulnerable when running versions prior to 26.5.2. The bug has been fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, suggesting no known active exploitation. A potential attacker can cause a crash by directing a user to maliciously crafted web content, but no confirmed exploits are documented. Without a CVSS score, the severity cannot be precisely quantified, though the crash capability indicates a high impact on availability.

Generated by OpenCVE AI on June 29, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Safari, iOS, iPadOS, and macOS Tahoe to version 26.5.2 or later to apply the memory handling fix.
  • If an immediate update is not possible, limit user exposure to untrusted websites by using content filtering or disabling JavaScript for high‑risk sites.
  • Monitor Apple’s support site for additional patches or work‑arounds until the full update is deployed.

Generated by OpenCVE AI on June 29, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Safari, iOS, iPadOS, and macOS Memory Corruption Crash Vulnerability
Weaknesses CWE-119

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T19:43:02.426Z

Reserved: 2026-05-01T22:46:21.644Z

Link: CVE-2026-43707

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T21:30:03Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer