CVE-2025-43529
Description
CVE-2025-43529 is a high-severity use-after-free flaw in Apple products being actively exploited to achieve arbitrary code execution via web content.
CPE
| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| safari | * | 26.2 | vulnerable |
| ipados | * | 18.7.3 | vulnerable |
| ipados | 26.0 | 26.2 | vulnerable |
| iphone_os | * | 18.7.3 | vulnerable |
| iphone_os | 26.0 | 26.2 | vulnerable |
| macos | 26.0 | 26.2 | vulnerable |
| tvos | * | 26.2 | vulnerable |
| visionos | * | 26.2 | vulnerable |
| watchos | * | 26.2 | vulnerable |
Related weakness (CWE)
Remediation plan
Apply official patches
Install the latest security updates provided by Apple for your specific device operating system to address the underlying memory management flaw.
Update affected systems
Ensure devices are running Safari 26.2, iOS/iPadOS 18.7.3 or 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, or watchOS 26.2 or later.
Restrict access
Utilize mobile device management (MDM) solutions to enforce web filtering and block access to untrusted or high-risk domains that could host malicious web content.
Monitor for exploitation
Use endpoint detection and response (EDR) tools to monitor for unusual browser process behavior, unexpected crashes, or unauthorized code execution originating from WebKit-related processes.
Detection Guidance
Detection should focus on identifying anomalous behavior within web rendering processes. Security teams should monitor for frequent crashes of WebKit-related processes or Safari, which may indicate failed exploitation attempts. Look for unusual outbound network connections from mobile devices to unknown command-and-control infrastructure immediately following web browsing activity. Additionally, leverage MDM inventory logs to identify devices running versions older than iOS 18.7.3 or macOS 26.2.