CVE-2025-43501
BaseFortify
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 26.2 (exc) |
| apple | ipados | to 18.7.3 (exc) |
| apple | ipados | From 26.0 (inc) to 26.2 (exc) |
| apple | iphone_os | to 18.7.3 (exc) |
| apple | iphone_os | From 26.0 (inc) to 26.2 (exc) |
| apple | macos | to 26.2 (exc) |
| apple | visionos | to 26.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-43501 is a vulnerability in WebKit, the browser engine used by Safari and other Apple platforms. It involves issues such as a use-after-free flaw and a race condition that occur when processing maliciously crafted web content. These flaws can cause unexpected process crashes. Apple fixed the vulnerability by improving memory and state handling. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to unexpected process crashes when malicious web content is processed. While it does not directly compromise confidentiality or integrity, it can cause denial of service by crashing the affected processes, potentially disrupting normal device or browser operation. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your Apple devices to the fixed versions: Safari 26.2, iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, visionOS 26.2, or later. Applying these updates will improve memory and state handling to prevent crashes caused by maliciously crafted web content. [1, 2]