Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use-after-free bug that can be triggered by maliciously crafted web content in Safari, iOS, iPadOS and macOS. Exploitation triggers an unexpected process crash, resulting in denial of service for the affected user’s browser or system.

Affected Systems

Apple Safari, iOS, iPadOS, and macOS Tahoe are affected. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2.

Risk and Exploitability

The CVSS score is not disclosed, the EPSS score is unavailable, and the vulnerability is not listed in CISA KEV. Attackers would likely deliver malicious content to the target via a web page or other internet‑accessible resource, provoking the crash. No user interaction beyond visiting affected content is required. The technical risk is a local denial of service; remote code execution or privilege escalation is not supported by the disclosed information.

Generated by OpenCVE AI on June 29, 2026 at 21:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest updates: Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2.
  • Restart any affected devices after the update to ensure the memory management changes are active.
  • Monitor device logs for crash events related to Safari or web content, and report any new crashes to Apple support.

Generated by OpenCVE AI on June 29, 2026 at 21:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Malicious Web Content Triggering Use-After-Free Crash in Safari and macOS
Weaknesses CWE-416

Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:16:54.975Z

Reserved: 2026-05-01T22:46:21.647Z

Link: CVE-2026-43742

cve-icon Vulnrichment

Updated: 2026-06-29T21:16:50.825Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T21:45:04Z

Weaknesses