Primary

Context

Apple WebKit Out-of-Bounds Read Vulnerability Allowing Memory Disclosure

Vulnerability

Patched

A vulnerability in WebKit, the engine used by Safari and other Apple applications, allows for an out-of-bounds read that could lead to the disclosure of process memory. This issue was introduced by a logic error in the handling of media files, which could be exploited by processing a maliciously crafted file. The vulnerability is present in several Apple products, including iOS 26.1, iPadOS 26.1, Pages 15.1, and macOS Tahoe 26.1.

Impact

Exploitation of this vulnerability could result in unexpected application termination or unauthorized access to process memory, potentially leading to the disclosure of sensitive information.

Added: Jan 28, 2026, 6:26 PM

Updated: Jan 28, 2026, 8:42 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

3.1

exploitability

4.2

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

3.1

exploitability

4.2

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Out-of-Bounds Read Vulnerability Allowing Memory Disclosure

Vulnerability

Impact

Affected Products

Apple Pages

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating