CVE-2025-43368
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 26.0 (exc) |
| apple | ipados | to 26.0 (exc) |
| apple | iphone_os | to 26.0 (exc) |
| apple | macos | to 26.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue in Safari and related Apple operating systems. It occurs when the software improperly manages memory, leading to the possibility of accessing memory that has already been freed. This can cause unexpected crashes when processing maliciously crafted web content.
How can this vulnerability impact me? :
The vulnerability can cause Safari or affected Apple operating systems to crash unexpectedly when processing malicious web content. This may disrupt normal usage and could potentially be exploited to affect system stability.
What immediate steps should I take to mitigate this vulnerability?
Update Safari to version 26 or later, and update macOS, iOS, or iPadOS to version 26 or later to apply the fix that addresses this use-after-free vulnerability.