Skip to main content

Ios And Ipados CVE-2026-43701

| EUVDEUVD-2026-40211 HIGH
Improper Access Control (CWE-284)
2026-06-29 apple GHSA-779r-mf4g-rgf7
7.1
CVSS 3.1 · Vendor: apple
Share

Severity by source

Vendor (apple) PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
vuln.today AI
7.1 HIGH

Remote unauthenticated malicious site (AV:N/PR:N) needing victim visit (UI:R); sandbox escape crosses a trust boundary (S:C) with partial impacts (C/I/A:L).

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N

Primary rating from Vendor (apple).

CVSS VectorVendor: apple

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

9
Analysis Updated
Jun 30, 2026 - 20:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 20:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 20:22 vuln.today
cvss_changed
CVSS changed
Jun 30, 2026 - 20:22 NVD
8.3 (HIGH) 7.1 (HIGH)
Analysis Generated
Jun 30, 2026 - 13:23 vuln.today
CVSS changed
Jun 30, 2026 - 13:22 NVD
8.3 (HIGH)
Patch available
Jun 29, 2026 - 22:02 EUVD
CVE Published
Jun 29, 2026 - 19:43 cve.org
HIGH 8.3
CVE Published
Jun 29, 2026 - 19:43 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.

AnalysisAI

Sandbox escape in Apple's WebKit/Safari web content engine allows a malicious website to process restricted web content outside the sandbox on Safari, iOS/iPadOS, and macOS prior to 26.5.2. Reported by Apple and classed as an improper access-control flaw (CWE-284), it requires a victim to load attacker-controlled content (UI:R) and carries CVSS 7.1 with a scope change, reflecting that breaking out of the sandbox crosses a security boundary. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: audit and inventory all macOS, iOS, and iPadOS devices to identify those running Safari versions prior to 26.5.2. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-39868 CRITICAL
9.1 Jun 29

Kernel memory corruption in Apple iOS/iPadOS (before 26.5.2) and macOS Tahoe (before 26.5.2) allows a malicious or compr

CVE-2026-43715 HIGH
8.8 Jun 29

Memory corruption in Apple's WebKit browser engine (Safari and the system WebView on iOS, iPadOS, and macOS before 26.5.

CVE-2026-43705 HIGH
8.8 Jun 29

Memory corruption via type confusion in Apple's WebKit browser engine allows attackers to corrupt memory by luring a vic

CVE-2026-43731 HIGH
8.8 Jun 29

Memory corruption via use-after-free in Apple's WebKit browser engine allows remote attackers to corrupt memory when a v

CVE-2026-28847 HIGH
8.8 May 11

Memory-corruption crash in Apple's WebKit web-content engine lets a malicious website terminate the content-rendering pr

CVE-2026-28955 HIGH
8.8 May 11

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and

CVE-2026-28947 HIGH
8.8 May 11

Use-after-free in WebKit allows remote attackers to trigger Safari crashes and potentially achieve arbitrary code execut

CVE-2026-43735 HIGH
8.1 Jun 29

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS

CVE-2026-28907 HIGH
8.1 May 11

Content Security Policy bypass in Apple's WebKit-based platforms (iOS, iPadOS, macOS Tahoe, tvOS, visionOS, watchOS) all

CVE-2026-43724 HIGH
7.8 Jun 29

Local privilege escalation and kernel memory corruption in Apple iOS, iPadOS (before 26.5.2) and macOS Tahoe (before 26.

CVE-2026-28904 HIGH
7.5 May 11

Memory corruption in WebKit across Apple's ecosystem enables confidentiality breach via malicious web content without us

CVE-2026-28953 HIGH
7.5 May 11

Information disclosure in Apple WebKit's web content processing engine allows remote attackers to read sensitive memory

Share

CVE-2026-43701 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy