8.8

CVE-2025-43529

Warnung
Medienbericht
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 26.2
AppleiPadOS Version < 18.7.3
AppleiPadOS Version >= 26.0 < 26.2
AppleiPhone OS Version < 18.7.3
AppleiPhone OS Version >= 26.0 < 26.2
ApplemacOS Version >= 26.0 < 26.2
AppletvOS Version < 26.2
ApplevisionOS Version < 26.2
ApplewatchOS Version < 26.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

15.12.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Use-After-Free WebKit Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.44% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
02.04.2026 00:04
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
23.03.2026 09:52
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
19.03.2026 11:06
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.03.2026 15:20
https://support.apple.com/en-us/125884
Vendor Advisory
Release Notes
https://support.apple.com/en-us/125891
Vendor Advisory
Release Notes
https://support.apple.com/en-us/125886
Vendor Advisory
Release Notes
https://support.apple.com/en-us/125885
Vendor Advisory
Release Notes
https://support.apple.com/en-us/125892
Vendor Advisory
Release Notes
https://support.apple.com/en-us/125889
Vendor Advisory
Release Notes
https://support.apple.com/en-us/125890
Vendor Advisory
Release Notes
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529
US Government Resource