CVE-2025-46298

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apple Safari versions 26.2 Apple tvOS versions 26.2 Apple watchOS versions 26.2 Apple visionOS versions 26.2 Apple iOS versions 26.2 Apple iPadOS versions 26.2 macOS Tahoe versions 26.2

Description A type confusion issue exists in the JavaScriptCore FTL New Array Materialization component. Processing specially crafted web content may cause an unexpected process crash. The issue was addressed with improved memory handling.

Recommendations Update Apple Safari to version 26.2. Update Apple tvOS to version 26.2. Update Apple watchOS to version 26.2. Update Apple visionOS to version 26.2. Update Apple iOS to version 26.2. Update Apple iPadOS to version 26.2. Update macOS Tahoe to version 26.2.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2025-46298

ZDI-26-057

Affected Products

Apple Macos

Safari

Ios

Ipados

Tvos

Visionos

Watchos

CVE-2025-46298

Weakness Enumeration

Related Identifiers

Affected Products

References · 15