CVE-2025-43421
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 26.1 (exc) |
| apple | ipados | to 26.1 (exc) |
| apple | iphone_os | to 26.1 (exc) |
| apple | visionos | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple issues related to array allocation sinking that were addressed by disabling this feature. It could be triggered by processing maliciously crafted web content, which may cause an unexpected process crash.
How can this vulnerability impact me? :
The vulnerability may cause an unexpected process crash when processing malicious web content, potentially disrupting normal operation of affected devices or applications.
What immediate steps should I take to mitigate this vulnerability?
Update your devices to iOS 26.1, iPadOS 26.1, Safari 26.1, or visionOS 26.1 where this issue is fixed to prevent processing maliciously crafted web content that may cause unexpected process crashes.