Apple
Safari
See the latest tracked release, confirm when it was published, and subscribe for update emails.
26.4
- Release date
- March 24, 2026
- CVE status
- 3 visible CVEs
Source
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 26.4 | 2026-03-24 | Release Notes |
| 26.3 | 2026-02-11 | Release Notes |
Vulnerability tracking
Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2023-43010 | HIGH (8.8) | 2026-03-12 | Current versionnot affected | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. Affected versions
|
| CVE-2026-20660 | HIGH (7.5) | 2026-02-11 | Current versionnot affected | A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files. Affected versions
|
| CVE-2026-20652 | HIGH (7.5) | 2026-02-11 | Current versionnot affected | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. Affected versions
|