Primary

Context

Apple WebKit Out-of-Bounds Vulnerability in Keynote and macOS

Vulnerability

Patched

A vulnerability allowing memory contents to be disclosed has been identified in WebKit, the engine used by Keynote and various macOS applications. This issue arises from improper bounds checks when processing maliciously crafted media files, particularly in Keynote 15.1 and macOS Tahoe 26. The vulnerability is present in several Apple products, including Mac and iOS devices with Apple silicon or specific Intel-based MacBook Pro models.

Impact

Exploitation of this vulnerability could lead to unauthorized memory access, potentially allowing for memory contents to be read or manipulated.

Remediation

Users can update to Keynote 15.1 on macOS Sequoia 15.6 and later, or to macOS Tahoe 26, both of which include the necessary fix.

Added: Jan 28, 2026, 6:31 PM

Updated: Jan 28, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Out-of-Bounds Vulnerability in Keynote and macOS

Vulnerability

Impact

Remediation

Affected Products

Apple macOS Tahoe

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating