Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free error in Apple’s browsers and operating systems can cause an unexpected crash when processing maliciously crafted web content. The flaw does not give an attacker direct code execution or data exfiltration; its primary consequence is a denial of service by terminating the renderer or related processes, potentially disrupting user activity.

Affected Systems

The vulnerability affects Apple Safari, iOS, iPadOS, and macOS Tahoe. Versions prior to 26.5.2 are susceptible. The fix is incorporated in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, indicating no current widespread exploitation. The attack vector is likely via malicious web content viewed in Safari or other affected browsers, requiring the victim to load the crafted page. The lack of a remote code execution path lowers the severity, but the crash impact can still be disruptive. Regular updates mitigate the risk.

Generated by OpenCVE AI on June 29, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Apple Safari to version 26.5.2 or later.
  • Upgrade iOS, iPadOS, and macOS Tahoe to version 26.5.2 or later.
  • Enable automatic system updates or regularly check Apple security advisories for new patches.

Generated by OpenCVE AI on June 29, 2026 at 21:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Leading to Process Crash in Safari, iOS, iPadOS and macOS
Weaknesses CWE-416

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:26:07.650Z

Reserved: 2026-05-01T22:46:21.644Z

Link: CVE-2026-43709

cve-icon Vulnrichment

Updated: 2026-06-29T21:26:00.528Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T21:30:03Z

Weaknesses