Description
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Published: 2026-06-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write flaw in Apple’s Safari, iOS, iPadOS, and macOS Tahoe can be triggered by maliciously crafted web content, corrupting memory and causing Safari to crash. The vulnerability forces the browser to terminate, leading to a denial‑of‑service for the user. Based on the description, it is inferred that the flaw does not provide remote code execution or data exfiltration, as the crash is confined to memory corruption without an observable escape to system-level control.

Affected Systems

Apple Safari, iOS, iPadOS, and macOS Tahoe running any version prior to 26.5.2 are vulnerable; the issue was resolved in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk and Exploitability

The CVSS score of 6.5 reflects moderate severity, and no EPSS data is available. The vulnerability is not listed in CISA’s KEV catalog, indicating no known wide-scale exploitation. The likely attack vector involves delivering specially crafted web content to a target’s browser, typically by directing the user to a malicious or compromised website that injects the overflow payload. Successful exploitation would crash Safari but would not compromise system integrity or confidentiality.

Generated by OpenCVE AI on June 30, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Safari, iOS, iPadOS, and macOS Tahoe to version 26.5.2 or later to resolve the out‑of‑bounds write.
  • Enable automatic system updates on all Apple devices to ensure the security patch is applied promptly.
  • Apply a reputable web filter or VPN solution to reduce exposure to malicious web content while awaiting the platform update.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Title Apple Browser and OS Out‑of‑Bounds Write Leading to Crash with Malicious Web Content
Weaknesses CWE-122

Mon, 29 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Apple Browser and OS Out‑of‑Bounds Write Leading to Crash with Malicious Web Content
Weaknesses CWE-122
CWE-787
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-29T21:28:46.675Z

Reserved: 2026-05-01T22:46:21.647Z

Link: CVE-2026-43745

Vulnrichment

Updated: 2026-06-29T21:27:59.238Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T00:30:06Z

Weaknesses