Apple Safari 18.6 Security Update: Fixes for libxml2/WebKit Memory Corruption and Address Bar Spoofing (CVE-2025-7435, CVE-2025-43228)

Critical Vulnerability Information Safari 18.6 libxml2 - Impact: Processing maliciously crafted web content may lead to memory corruption. - Description: This is a vulnerability in open-source code; Apple software is one of the affected projects. The CVE-ID was assigned by a third party. - CVE: 2025-7435, Sergei Glazunov of Google Project Zero libsasl - Impact: Processing maliciously crafted web content may lead to memory corruption. - Description: This is a vulnerability in open-source code; Apple software is one of the affected projects. The CVE-ID was assigned by a third party. - CVE: 2025-7424, Ivan Fratric of Google Project Zero Safari - Impact: Processing maliciously crafted web content may lead to unexpected Safari crashes. - Description: A logic issue has been resolved via improved checks. - CVE: 2025-28108, Arne Sjogrenberger & Ro Artbergen of NCC Group Labs WebKit - Impact: Processing maliciously crafted web content may lead to out-of-bounds access errors. - Description: This issue has been resolved via improved state management. - Webkit Bug: 239586 WebKit - Impact: Visiting malicious websites may lead to address bar spoofing. - Description: This issue has been resolved via improved UI handling. - Webkit Bug: 239574 - CVE: 2025-43228, Jayden Ayla WebKit - Impact: Downloaded URLs may be incorrectly associated. - Description: A logic issue has been resolved via improved checks. - Webkit Bug: 239582 - CVE: 2025-43240, Syed Muhammad Saqib WebKit - Impact: Processing maliciously crafted web content may lead to memory corruption. - Description: This issue has been resolved via improved memory handling. - Webkit Bug: 239575 WebKit - Impact: Processing web content may lead to service disruption. - Description: This issue has been resolved via improved memory handling. - Webkit Bug: 239570 WebKit - Impact: Processing maliciously crafted web content may lead to exposure of internal state. - Description: An out-of-bounds read error has been resolved via improved input validation. - Webkit Bug: 239582 WebKit - Impact: Processing maliciously crafted web content may lead to unexpected Safari crashes. - Description: This is a vulnerability in open-source code; Apple software is one of the affected projects. The CVE-ID was assigned by a third party. - Webkit Bug: 239583 - CVE: 2025-8068, Clement Lecigne and Xiao Shayanov of Google's Threat Analysis Group

Goal Reached Thanks to every supporter — we hit 100%!

Apple Safari 18.6 Security Update: Fixes for libxml2/WebKit Memory Corruption and Address Bar Spoofing (CVE-2025-7435, CVE-2025-43228)