WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)
Vulnerability
Summary
WebKit now has four patched vulnerabilities, including CVE-2026-43707, CVE-2026-43716, CVE-2026-43745, and CVE-2026-43715, that can be triggered by maliciously crafted web content. The flaws span memory corruption, out-of-bounds write, and use-after-free conditions, creating crash and corruption risk in Safari and other WebKit-based surfaces. Apple said none of the issues were actively exploited in the wild and fixed them in iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2.
Related Happenings
Coruna watering-hole and fake-site exploitation campaign
Campaign
H score 44
First: 26.03.2026 13:07
Last: 26.03.2026 13:07
Sources 1
About this happening:
A suspected **Russia-aligned nation-state actor** is using **Coruna** in **watering-hole attacks in Ukraine** and a **mass exploitation campaign**, expanding the kit’s abuse beyon...
CISA BOD 22-01 order for FCEB iOS patching
Public Sector Action
H score 38
First: 23.03.2026 10:37
Last: 23.03.2026 10:37
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure devices against **DarkSword-linked iOS flaws**, tightening federal exposure to attacks that enabled **sandbox escape** and **remote co...
CISA KEV remediation order for five exploited Apple, Craft CMS, and Laravel Livewire flaws
Advisory/Mitigation
H score 52
First: 21.03.2026 10:25
Last: 21.03.2026 10:25
Sources 1
About this happening:
**CISA** added **five exploited flaws** affecting **Apple**, **Craft CMS**, and **Laravel Livewire** to the **KEV catalog**, creating an urgent remediation requirement for federal...
DarkSword operators phishing and watering-hole campaign
Campaign
H score 89
First: 18.03.2026 23:15
Last: 18.03.2026 23:15
Sources 1
About this happening:
**DarkSword** operators ran a **cross-border phishing and watering-hole campaign** using an **iPhone exploit chain** against users in **Saudi Arabia** and **Ukraine**, with additi...
DarkSword iPhone exploit chain exploitation wave
Exploitation Wave
H score 89
First: 18.03.2026 23:15
Last: 18.03.2026 23:15
Sources 1
About this happening:
**DarkSword** is an **active iPhone exploitation wave** targeting **iOS 18.4 through iOS 18.7**, with **Apple** expanding **iOS 18.7.7** and **iPadOS 18.7.7** to more older device...
Latest development: 02.04.2026 16:30
Apple broadened availability of iOS 18.7.7 and iPadOS 18.7.7 on April 1 to more devices still running iOS 18, including iPhone XR through iPhone 16 models, iPhone SE (2nd and 3rd generation), and multiple iPad models, so they can receive security patches against DarkSword web-based watering hole attacks that can deploy malware after a user visits a compromised website. Apple also began sending lock screen notifications to users running older software, urging installation of the latest security updates.
Timeline
- 30.06.2026 10:15 · 2 articles
Apple releases iOS, macOS, and Safari security updates for WebKit flaws
Mitigation Patch Update
Apple released security updates for iOS, iPadOS, macOS Tahoe, and Safari 26.5.2 to address over three dozen flaws, including four WebKit vulnerabilities tracked as CVE-2026-43707, CVE-2026-43716, CVE-2026-43745, and CVE-2026-43715. The bugs involved memory corruption, an unexpected Safari crash, an out-of-bounds write, and a use-after-free condition triggered by maliciously crafted web content, and Apple said none of the patched vulnerabilities had been disclosed as actively exploited in the wild.
Sources:
- Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs — thehackernews.com — 30.06.2026 10:15