Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Safari  >> 18.6  Security Vulnerabilities
CVE-2025-43368
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-15
CVE-2025-43356
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-15
CVE-2025-43342
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-09-15
CVE-2025-43343
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26, Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-15
CVE-2025-43327
The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-15
CVE-2025-43272
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-15
CVE-2025-31254
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-15
CVE-2016-7153
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
CVSS Score
5.3
EPSS Score
0.023
Published
2016-09-06
CVE-2016-7152
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
CVSS Score
5.3
EPSS Score
0.023
Published
2016-09-06
CVE-2016-4604
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
CVSS Score
5.4
EPSS Score
0.004
Published
2016-07-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved