CVE-2026-43740
Received Received - Intake

Memory Disclosure in Safari and iOS via Malicious Web Content

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Apple Inc.

Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may result in the disclosure of process memory.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-30
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-43740

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
apple safari 26.5.2
apple ios 26.5.2
apple ipados 26.5.2
apple macos_tahoe 26.5.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves improper memory handling in certain Apple software products. Specifically, processing maliciously crafted web content can lead to the disclosure of process memory, which means sensitive information stored in memory could be exposed to an attacker.

Impact Analysis

The impact of this vulnerability is the potential exposure of sensitive information from the process memory when a user processes malicious web content. This could lead to unauthorized access to private data or other security risks depending on what information is leaked.

Mitigation Strategies

To mitigate this vulnerability, update your Apple Safari, iOS, iPadOS, or macOS Tahoe to version 26.5.2 or later, where the issue has been fixed with improved memory handling.

Compliance Impact

This vulnerability involves the potential disclosure of process memory when processing maliciously crafted web content. Such unauthorized disclosure of memory could lead to exposure of sensitive information.

Exposure of sensitive data may impact compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and health information against unauthorized access or disclosure.

However, specific impacts on compliance depend on the nature of the data exposed and the context of use, which are not detailed in the provided information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43740. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart