CVE-2025-46299
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | tvos | 26.2 |
| apple | safari | 26.2 |
| apple | watchos | 26.2 |
| apple | visionos | 26.2 |
| apple | ios | 26.2 |
| apple | ipad_os | 26.2 |
| apple | macos_tahoe | 26.2 |
| apple | macos_sonoma | * |
| apple | macos_sequoia | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory initialization issue in Apple operating systems and Safari that occurs when processing maliciously crafted web content. It may disclose internal states of the app due to improper memory handling. The issue has been fixed by improving memory management in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2.
How can this vulnerability impact me? :
The vulnerability can lead to the disclosure of internal application states when processing malicious web content, which may expose sensitive information. Although it does not allow code execution or data modification, it can still compromise confidentiality by leaking internal memory information.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update affected Apple products to version 26.2 or later, including tvOS, Safari, watchOS, visionOS, iOS, iPadOS, and macOS Tahoe. Applying these updates addresses the memory initialization issue by improving memory handling and prevents processing maliciously crafted web content that may disclose internal app states.