US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.
US-CERT encourages users and administrators to disable JavaScript as detailed in the Securing Your Web Browser document until a fix is provided by the vendor. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.
US-CERT will provide additional information as it becomes available.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…