PT-2025-51037

Published 2025-12-12 · Updated 2026-01-22 · CVE-2025-43529

CVSS v2.0
Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

WebKitGTK versions 2.50.4-0ubuntu0.25.04.1
Apple iOS versions prior to 18.7.3
Apple iPadOS versions prior to 18.7.3
Apple macOS versions prior to 26.2
Apple tvOS versions prior to 26.2
Apple watchOS versions prior to 26.2
Apple visionOS versions prior to 26.2
Safari versions prior to 26.2

Description

Multiple security issues were discovered in the WebKitGTK Web and JavaScript engines and in Apple’s WebKit component. These issues include use-after-free vulnerabilities that could allow a remote attacker to execute arbitrary code, trigger crashes, or bypass security restrictions. Exploitation may occur when a user views a malicious website. The vulnerability in Apple’s WebKit is actively exploited in the wild and has been identified as CVE-2025-43529. The vulnerability stems from improper memory management in WebKit’s HTML parsing logic. The vulnerability affects multiple Apple operating systems and products that rely on WebKit for HTML rendering. Reports indicate that this issue may have been exploited in sophisticated attacks targeting specific individuals.

Recommendations

Update WebKitGTK to version 2.50.4-0ubuntu0.25.04.1.
Update Apple iOS to version 18.7.3 or later.
Update Apple iPadOS to version 18.7.3 or later.
Update Apple macOS to version 26.2 or later.
Update Apple tvOS to version 26.2 or later.
Update Apple watchOS to version 26.2 or later.
Update Apple visionOS to version 26.2 or later.
Update Safari to version 26.2 or later.

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-00005
CVE-2025-43529
DLA-4414-1
DSA-6083-1
USN-7957-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Safari
Ubuntu
WebKit
iOS
iPadOS
tvOS
visionOS
watchOS