IsItPatchedInstant security status for any software version
← All products

Apple Safari

Apple · Browser
5/100 Critical · exploited

Summary iPlain-English security verdict for Apple Safari, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Apple Safari currently scores 5/100 — critical, with active exploitation. 27 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2019-8506. Upgrade immediately and review your exposure to the actively-exploited CVEs below. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".

Disclosure trend iNew CVEs published for Apple Safari each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2019-8506 HIGH ● exploited CWE-843 EPSS 8% → fixed in 12.1 CVE-2022-22620 HIGH ● exploited Use-after-free EPSS 4% → fixed in 15.3 CVE-2023-32439 HIGH ● exploited CWE-843 EPSS 1% → fixed in 16.5.1 CVE-2024-44308 HIGH ● exploited EPSS 1% → fixed in 18.1.1 CVE-2021-30663 HIGH ● exploited Integer overflow EPSS 1% → fixed in 14.1.1 CVE-2024-44309 MEDIUM ● exploited Cross-site scripting (XSS) EPSS 1% → fixed in 18.1.1 CVE-2021-30952 HIGH ● exploited Integer overflow EPSS 1% → fixed in 15.2 CVE-2024-23222 HIGH ● exploited CWE-843 EPSS 1% → fixed in 17.3 CVE-2023-32435 HIGH ● exploited Out-of-bounds write EPSS 0% → fixed in 16.4 CVE-2025-6558 HIGH ● exploited Improper input validation EPSS 0% → fixed in 18.6 CVE-2023-32409 HIGH ● exploited EPSS 0% → fixed in 16.5 CVE-2025-14174 HIGH ● exploited Out-of-bounds write EPSS 0% → fixed in 26.2

ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping

Last checked: Wed, 10 Jun 2026 22:18:30 UTC