Primary

Context

Apple WebKit Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in WebKit, the engine that powers the Safari browser. This issue is present in WebKit versions included with Safari 26.1, as well as in the WebKit components of visionOS 26.1, watchOS 26.1, and tvOS 26.1. The vulnerability arises from WebKit processing maliciously crafted web content, which can lead to an unexpected process crash. This issue was addressed with improved memory management and input validation.

Impact

Exploitation of this vulnerability causes a process crash, leading to a denial-of-service condition.

Remediation

Users can update to Safari 26.1, or the respective 26.1 version of their Apple device's operating system, to address this vulnerability.

Added: Nov 4, 2025, 2:43 AM

Updated: Nov 4, 2025, 2:43 AM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

3.3

exploitability

4.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

3.3

exploitability

4.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apple visionOS

Apple watchOS

Apple tvOS

Apple iPadOS

Apple macOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating