Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
Published: 2026-06-29
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw that can arise when Safari, iOS, iPadOS, or macOS processes maliciously crafted web content. The flaw can corrupt memory. The description does not explicitly describe the ultimate impact beyond memory corruption.

Affected Systems

Apple Safari, iOS, iPadOS, and macOS are the affected products. Versions older than 26.5.2 contain the flaw; the issue was addressed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity and no EPSS score is available. The vulnerability is not listed in CISA's KEV catalog. The flaw requires the processing of malicious web content to trigger the use‑after‑free. Based on the description, it is inferred that an attacker could craft such content to exploit the flaw, leading to memory corruption.

Generated by OpenCVE AI on June 30, 2026 at 00:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Apple‑released patch (Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2) which resolves the CWE‑416 use‑after‑free flaw.
  • Enable automatic updates so subsequent security patches are applied automatically.
  • If patching cannot be performed immediately, restrict web browsing to trusted domains and disable or block potentially malicious content types (e.g., plugins, extensions) to reduce the chance that crafted content triggers the vulnerability.
  • Monitor system logs for evidence of memory corruption or crashes that might indicate exploitation, and investigate promptly.



Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Leading to Memory Corruption in Apple Safari, iOS, iPadOS, and macOS

Mon, 29 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Leading to Memory Corruption in Apple Safari, iOS, iPadOS, and macOS

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
Metrics cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
References


MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:17:13.448Z

Reserved: 2026-05-01T22:46:21.644Z

Link: CVE-2026-43715

Vulnrichment

Updated: 2026-06-29T21:15:26.745Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T00:30:06Z

Weaknesses