Apple WebKit Use-After-Free Vulnerability Allowing Arbitrary Code Execution

A use-after-free vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS Tahoe, watchOS, tvOS, and visionOS. This vulnerability arises from improper memory management, which can be exploited by processing maliciously crafted web content, leading to memory corruption and potentially allowing arbitrary code execution. Notably, this issue may have been exploited in a sophisticated attack targeting specific individuals on earlier versions of iOS.

Impact

Exploitation of this vulnerability could lead to memory corruption, allowing for arbitrary code execution.

Remediation

Users can update to the latest versions of the affected operating systems to address this vulnerability. For macOS, this includes updating to macOS Tahoe 26.2. For iOS and iPadOS, users should update to version 26.2. Apple Watch users can update to watchOS 26.2, while Apple TV users should update to tvOS 26.2. For Safari users on macOS Sonoma or Sequoia, version 26.2 is available.