Description
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
In plain language
AI Low urgencyThis is a Safari browser bug that can be triggered by a specially crafted web page and may cause a browser crash; most small businesses should update Safari/iPhone/iPad/macOS when available, but there’s no evidence of widespread active exploitation right now.
CVE-2026-43745 is an out-of-bounds write in Safari/iOS/iPadOS/macOS triggered by processing maliciously crafted web content, leading to an unexpected crash; it requires no authentication but does require user interaction (opening the malicious content), and the fix is available in Safari 26.5.2 / iOS 26.5.2 / iPadOS 26.5.2 / macOS Tahoe 26.5.2.
What to do now
- Check whether your business devices (Mac, iPhone, iPad) are running Safari, iOS/iPadOS, or macOS versions older than 26.5.2.
- Update Safari to 26.5.2 (or update the operating system that includes it).
- Update iOS and iPadOS to 26.5.2.
- Update macOS Tahoe to 26.5.2.
- After updating, test that staff can open normal websites without unexpected Safari crashes.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:RUser InteractionS:UScopeC:NConfidentialityI:NIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-43745 and every CVE in our database. Create a free account — no credit card required.
Create Free Account