Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
PoC: CVE-2025-43529
exploit for cve-2025-43529
PoC: cve-2025-43529-arbitrary-ref
A demonstration of arbitrary address referencing using cve-2025-43529
PoC: CVE-2025-43529-no-forked
CVE-2025-43529 safari fakeobj
PoC: bugtest
CVE-2025-43529 Test
PoC: CVE-2025-43529
Root Cause Analysis for CVE-2025-43529, a UAF vulnerability due to incorrect DFG StoreBarrierInsertionPhase in JavaScriptCore.
PoC: CTT-Apple-Silicon-Refraction
webkit_refraction.js (The 33-Layer WebGL Payload) 鈥婽his JavaScript payload uses the \alpha constant to create a high-frequency "Memory Shiver." It induces the Use-After-Free (UAF) in CVE-2025-43529 by desynchronizing the WebKit garbage collector from the GPU's Metal command buffer.
PoC: Convergent-Time-Theory-Enhanced-iOS-Safari-RCE-CVE-2025-43529-
CTT-Enhanced iOS Safari Exploit (based on CVE-2025-43529)
PoC: sakyu7.github.io
馃攳 Analyze WebKit and ANGLE vulnerabilities with this repository for CVE-2025-43529 and CVE-2025-14174, focusing on verified components and ongoing efforts.
PoC: Analysis
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
PoC: WebKit-UAF-ANGLE-OOB-Analysis
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free