Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Apple Safari's memory management has been fixed in the 26.5.2 releases. When maliciously crafted web content is processed, the browser crashes instead of executing arbitrary code; the crash isolates the fault to the Safari process, preventing compromise of system files but disrupting the user session and potentially affecting other applications on the device.

Affected Systems

Releases of Apple Safari, iOS, iPadOS and macOS Tahoe prior to 26.5.2 are affected. The vulnerability is resolved in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2.

Risk and Exploitability

EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The flaw can be triggered through malicious web content, implying an attack vector that relies on a web page served over a network. Exploitation results in a browser crash, denying service to the user session. Because the crash does not lead to code execution or data exfiltration, risks to confidentiality or integrity are limited; the primary impact is loss of availability for browsing activities. The CVSS score of 6.5 indicates moderate risk.

Generated by OpenCVE AI on June 29, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Apple software update that includes Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2.
  • Enable built‑in safe browsing or web protection features such as macOS Gatekeeper or iOS Safe Browsing to sandbox content and reduce the risk of triggering the crash.
  • Install reputable web‑filtering or ad‑blocking extensions to block malicious content and mitigate the crash risk while the patch is pending.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Crash in Safari

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Crash in Safari
Weaknesses CWE-416
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:34:47.873Z

Reserved: 2026-05-01T22:46:21.644Z

Link: CVE-2026-43717

Vulnrichment

Updated: 2026-06-29T21:34:41.309Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T00:00:06Z

Weaknesses