CVE-2026-43709
Received Received - Intake

Use-After-Free in Safari Leading to Unexpected Process Crash

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Apple Inc.

Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-30
AI Q&A
2026-06-30
EPSS Evaluated
N/A
NVD
CVE-2026-43709

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
apple safari 26.5.2
apple ios 26.5.2
apple ipados 26.5.2
apple macos_tahoe 26.5.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability described is a use-after-free issue that may lead to an unexpected process crash when processing maliciously crafted web content. There is no information provided about any impact on data confidentiality, integrity, or availability beyond the process crash.

Since the CVE description does not mention any data breach, unauthorized access, or exposure of personal or sensitive information, there is no direct indication that this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Therefore, based on the available information, this vulnerability primarily causes a denial of service (process crash) and does not appear to impact compliance with data protection regulations.

Mitigation Strategies

To mitigate this vulnerability, update affected Apple products to the fixed versions: Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, or macOS Tahoe 26.5.2.

Impact Analysis

Exploitation of this vulnerability may lead to an unexpected crash of the affected process, such as the Safari browser or related system components.

This can result in denial of service or disruption of normal operations when processing malicious web content.

Executive Summary

This vulnerability is a use-after-free issue in Apple software such as Safari, iOS, iPadOS, and macOS Tahoe. It occurs when the system improperly manages memory, leading to the possibility of accessing memory that has already been freed.

The issue is triggered by processing maliciously crafted web content, which can cause an unexpected process crash.

Apple addressed this vulnerability by improving memory management in the affected software versions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43709. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart