CVE-2025-43541

CVSS 4.3 MEDIUM | EPSS 32.0% | CWE-843

In short

A type confusion flaw in Safari could cause the browser to crash when you visit a malicious website. This happens because Safari doesn't properly track the type of data it's handling, allowing attackers to craft web pages that trigger this error.

Technical detail

A type confusion vulnerability in Safari's state handling allows attackers to craft malicious web content that triggers unexpected behavior in type validation. When the browser processes this content, improper state management leads to a crash. Exploitation requires user interaction: the victim must visit the malicious page.

Summary generated and translated by AI from the official description.
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
