A vulnerability marked as problematic has been reported in Apple Safari, iOS, iPadOS and macOS up to 26.5.1 . Affected by this issue is some unknown functionality of the component Website Handler . This manipulation causes permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2026-43735 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.