Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
A flaw was found in webkitgtk: when processing maliciously crafted web content, a use-after-free weakness may be triggered, leading to remote code execution on the client machine.
Report
This vulnerability is rated IMPORTANT for Red Hat products. A use-after-free flaw in webkitgtk, when processing maliciously crafted web content, can lead to remote code execution. Successful exploitation requires user interaction: a victim must visit a malicious website. WebKitGTK3 is not required by any package, so it can be removed without consequences or loss of functionality. WebKitGTK4 is used in Red Hat Enterprise Linux 7 by the following packages: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.
Mitigation
To mitigate this issue, avoid processing untrusted web content. Additionally, disabling the JavaScript JIT compiler can reduce the attack surface. For applications using WebKitGTK, set the environment variable JavaScriptCoreUseJIT=0 before launching the application. This may impact performance for JavaScript-heavy web content.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | pywebkitgtk | Out of support scope | | |
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope | | |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Will not fix | | |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4 | Fixed | RHSA-2025:23975 | 24.12.2025 |
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Fixed | RHSA-2025:23663 | 18.12.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | webkit2gtk3 | Fixed | RHSA-2025:23969 | 24.12.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | webkit2gtk3 | Fixed | RHSA-2025:23967 | 24.12.2025 |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | webkit2gtk3 | Fixed | RHSA-2025:23967 | 24.12.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | webkit2gtk3 | Fixed | RHSA-2025:23968 | 24.12.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | webkit2gtk3 | Fixed | RHSA-2025:23968 | 24.12.2025 |
Additional information
CVSS3: 8.8 High
Related vulnerabilities
A vulnerability in the WebKit web page rendering module of the Safari browser on the tvOS, iOS, iPadOS, watchOS, macOS and visionOS operating systems that allows an attacker to execute arbitrary code and gain full control over the device