Name of the Vulnerable Software and Affected Versions
WebKitGTK versions prior to 2.50.4-0ubuntu0.25.04.1
Apple iOS, iPadOS, macOS, Safari, watchOS, and visionOS versions prior to iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, watchOS 26.2, and visionOS 26.2
Description
The WebKitGTK Web and JavaScript engines contain multiple security issues. A use-after-free vulnerability exists in WebKit, allowing attackers to potentially execute arbitrary code, trigger crashes, or bypass security restrictions by processing maliciously crafted web content. This vulnerability is actively exploited in the wild and has been flagged by CISA as a Known Exploited Vulnerability (KEV). The vulnerability stems from improper memory management within WebKit’s HTML parsing logic. The flaw affects multiple Apple operating systems and products that utilize WebKit. Exploitation may occur through web browsers or applications using WebKit to render HTML content.
Recommendations
WebKitGTK versions prior to 2.50.4-0ubuntu0.25.04.1: Update to version 2.50.4-0ubuntu0.25.04.1 or later.
Apple iOS, iPadOS, macOS, Safari, watchOS, and visionOS versions prior to iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, watchOS 26.2, and visionOS 26.2: Update to the latest available version.