CVE-2025-43438
MediumCVSS 4.3Exploitation Probability (EPSS)
Elevated risk61th percentile - higher than 61% of all known CVEs
Summary
A use-after-free vulnerability was addressed with improved memory management in Safari and Apple operating systems. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Risk Assessment
An attacker could exploit this vulnerability to crash Safari, disrupting user activity and potentially enabling further attacks on the system.
Recommendation
Immediately update Safari to version 26.1 and Apple operating systems to the specified versions (iOS 18.7.2, iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1).
Original NVD description (English source)
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.

