Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2026-00005

Опубликовано: 15 дек. 2025
Источник: fstec
CVSS3: 8.8
CVSS2: 10
EPSS Низкий

Описание

Уязвимость модуля отображения веб-страниц WebKit браузера Safari операционных систем tvOS, iOS, iPadOS, watchOS, macOS и visionOS связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код и получить полный контроль над устройством

Вендор

ООО «РусБИТех-Астра»
Apple Inc.

Наименование ПО

Astra Linux Special Edition
MacOS
iOS
iPadOS
Safari
visionOS
watchOS
tvOS

Версия ПО

1.8 (Astra Linux Special Edition)
до 26.2 (MacOS)
до 26.2 (iOS)
до 18.7.3 (iOS)
до 18.7.3 (iPadOS)
до 26.2 (iPadOS)
до 26.2 (Safari)
до 26.2 (visionOS)
до 26.2 (watchOS)
до 26.2 (tvOS)

Тип ПО

Операционная система
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

ООО «РусБИТех-Астра» Astra Linux Special Edition 1.8

Уровень опасности уязвимости

Критический уровень опасности (базовая оценка CVSS 2.0 составляет 10)
Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 8,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125885
https://support.apple.com/en-us/125886
https://support.apple.com/en-us/125889
https://support.apple.com/en-us/125890
https://support.apple.com/en-us/125891
https://support.apple.com/en-us/125892
Для ОС Astra Linux:
обновить пакет webkit2gtk до 2.50.4-1~deb12u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2026-0224SE18

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 32%
0.00125
Низкий

8.8 High

CVSS3

10 Critical

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2025-43529

CVSS3: 8.8
ubuntu
4 месяца назад

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

redhat логотип

CVE-2025-43529

CVSS3: 8.8
redhat
4 месяца назад

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

nvd логотип

CVE-2025-43529

CVSS3: 8.8
nvd
4 месяца назад

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

debian логотип

CVE-2025-43529

CVSS3: 8.8
debian
4 месяца назад

A use-after-free issue was addressed with improved memory management. ...

github логотип

GHSA-m9mp-fmfc-g6gc

CVSS3: 8.8
github
4 месяца назад

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

EPSS

Процентиль: 32%
0.00125
Низкий

8.8 High

CVSS3

10 Critical

CVSS2