Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Apple’s Safari, iOS, iPadOS, and macOS memory handling was identified, leading to an unexpected process crash when malicious web content is processed. The flaw is a classic Use After Free weakness, which can be triggered by crafted HTML or JavaScript that causes the browser to free memory prematurely and then access it again. In practice, the attack delivers a denial‑of‑service condition for the affected user, potentially interrupting browsing or app usage and impacting session continuity.

Affected Systems

The vulnerability affects Apple Safari, the iOS and iPadOS operating systems, and macOS Tahoe on all versions prior to 26.5.2. Apple’s advisory states that the issue is resolved in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2, implying that older software releases remain vulnerable.

Risk and Exploitability

The vulnerability does not provide direct code execution or other high-impact effects; the primary risk is a denial-of-service crash. The EPSS score is not available and the flaw is not listed in CISA's KEV catalog, so there is no data indicating widespread exploitation. The likely attack vector is exposure to malicious or unknown web content, making user browsing habits a key factor. Because the flaw is a use-after-free error that is fixed in the 26.5.2 releases, basic defensive controls such as keeping software up to date provide sufficient protection.

Generated by OpenCVE AI on June 29, 2026 at 21:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Safari update (26.5.2 or newer).
  • Update iOS, iPadOS, and macOS to version 26.5.2 or later, ensuring automatic updates are enabled.
  • Limit exposure to untrusted web content by using reputable browsers, avoiding suspicious sites, and considering web-filtering solutions for shared environments.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |
| | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 29 Jun 2026 22:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Use‑After‑Free in Safari and iOS Causing Crash with Malicious Web Content |
| Weaknesses | | CWE-416 |

Mon, 29 Jun 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:17:49.138Z

Reserved: 2026-05-01T22:46:21.646Z

Link: CVE-2026-43734

Vulnrichment

Updated: 2026-06-29T21:17:41.923Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T21:45:04Z

Weaknesses