Primary

Context

Apple WebKit Memory Initialization Vulnerability Allowing Internal State Disclosure

Vulnerability

Patched

A memory initialization vulnerability in WebKit was addressed with improved memory handling. This issue, present in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and Safari, could allow processing of maliciously crafted web content to disclose internal states of the application.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of internal application states.

Remediation

Users can update to the latest version of the affected operating systems or applications. This vulnerability is fixed in iOS 26.2, iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, and Safari 26.2.

Added: Jan 9, 2026, 10:19 PM

Updated: Jan 9, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Memory Initialization Vulnerability Allowing Internal State Disclosure

Vulnerability

Impact

Remediation

Affected Products

Apple tvOS

Apple watchOS

Apple visionOS

Apple iPadOS

Apple macOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating