Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Safari’s memory handling can be triggered by maliciously crafted web content, causing Safari to crash unexpectedly. The vulnerability does not provide an attacker with code execution or data disclosure; it simply disrupts the browsing experience by terminating the browser process.

Affected Systems

Apple’s Safari, iOS, iPadOS, and macOS (Tahoe) versions prior to 26.5.2 are affected. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 and later. Users running earlier releases remain vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, so no confirmed exploitation has been reported in the wild. The attack vector is inferred to be the delivery of crafted web content to a user’s browser; once the page loads, the use‑after‑free condition can be triggered, resulting in a crash. Given the lack of a publicly known exploit and the limited scope to the browser, the overall risk is moderate.

Generated by OpenCVE AI on June 29, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Safari, iOS, iPadOS, and macOS to version 26.5.2 or later to address the use‑after‑free flaw.
  • If an immediate upgrade is not possible, disable JavaScript or experimental features in Safari’s settings to reduce the likelihood that malicious content triggers a crash.
  • Deploy content filtering or web‑site blocking solutions to prevent users from loading untrusted or suspicious web pages until an upgrade is available.

Generated by OpenCVE AI on June 29, 2026 at 23:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Unexpected Safari Crash via Use-After-Free

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Unexpected Safari Crash via Use-After-Free
Weaknesses CWE-416
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:35:28.994Z

Reserved: 2026-05-01T22:46:21.645Z

Link: CVE-2026-43720

cve-icon Vulnrichment

Updated: 2026-06-29T21:35:24.994Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T00:00:06Z

Weaknesses