Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw resides in Safari’s memory‑management code. When a maliciously crafted web page exploits this weakness, an internal pointer is corrupted, causing Safari to crash unexpectedly. The resulting denial of service can terminate the browser on the affected device, disrupting user sessions but not exposing sensitive data. The flaw is classified as CWE‑416.

Affected Systems

The vulnerability is present in Apple Safari, iOS, iPadOS, and macOS Tahoe on all releases prior to versions 26.5.2. The fix is deployed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2, so only older releases are at risk.

Risk and Exploitability

The attack requires that a user loads malicious web content in Safari. Based on the description, the likely vector is remote through a compromised or intentionally malicious website, and the exploited condition is local to the user's device. No EPSS score is provided and the vulnerability is not listed in the CISA KEV catalog, indicating a moderate exploitation probability. The CVSS score of 6.5 reflects medium severity.

Generated by OpenCVE AI on June 29, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Safari to version 26.5.2 or newer on all macOS devices.
  • Upgrade iOS and iPadOS to version 26.5.2 or newer on all devices.
  • Upgrade macOS to version Tahoe 26.5.2 or newer.
  • Until the update is installed, avoid browsing untrusted websites or opening unknown links.

Generated by OpenCVE AI on June 29, 2026 at 23:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Safari Crash via Use-After-Free

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Safari Crash via Use-After-Free
Weaknesses CWE-416
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:32:56.627Z

Reserved: 2026-05-01T22:46:21.645Z

Link: CVE-2026-43727

cve-icon Vulnrichment

Updated: 2026-06-29T21:32:52.978Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T00:00:06Z

Weaknesses