PT-2025-10859 · Apple +10 · Safari +15

Gary Kwong

·

Published

2025-03-11

·

Updated

2025-09-17

·

CVE-2025-24201

CVSS v2.0
10
VectorAV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

visionOS versions prior to 2.3.2

iOS versions prior to 18.3.2

iPadOS versions prior to 18.3.2

macOS Sequoia versions prior to 15.3.2

Safari versions prior to 18.3.1

Description:

A critical vulnerability in the WebKit browser engine allows attackers to escape the Web Content sandbox, potentially leading to the execution of malicious code. This issue has been exploited in extremely sophisticated attacks against specific targeted individuals. The vulnerability is related to an out-of-bounds write issue when processing web content.

Recommendations:

Update to visionOS 2.3.2 or later to fix the vulnerability.

Update to iOS 18.3.2 or later to fix the vulnerability.

Update to iPadOS 18.3.2 or later to fix the vulnerability.

Update to macOS Sequoia 15.3.2 or later to fix the vulnerability.

Update to Safari 18.3.1 or later to fix the vulnerability.

Exploit

Fix

RCE

Memory Corruption

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2025:2863
ALSA-2025:2864
ALT-PU-2025-7543
ALT-PU-2025-8547
BDU:2025-02568
CESA-2025_2863
CVE-2025-24201
DLA-4218-1
DSA-5877-1
DSA-5885-1
INFSA-2025_2863
INFSA-2025_2864
OPENSUSE-SU-2025_0974-1
OPENSUSE-SU-2025_0975-1
OPENSUSE-SU-2025_1033-1
OPENSUSE-SU-2025_1149-1
RHSA-2025:10364
RHSA-2025:2863
RHSA-2025:2864
RHSA-2025:2997
RHSA-2025:2998
RHSA-2025:3000
RHSA-2025:3001
RHSA-2025:3002
RHSA-2025:3005
RHSA-2025:3034
RHSA-2025_2863
RHSA-2025_2864
SUSE-SU-2025:02777-1
SUSE-SU-2025:0974-1
SUSE-SU-2025:0975-1
SUSE-SU-2025:0993-1
SUSE-SU-2025:1023-1
SUSE-SU-2025:1033-1
SUSE-SU-2025:1149-1
SUSE-SU-2025_0974-1
SUSE-SU-2025_0975-1
SUSE-SU-2025_0993-1
SUSE-SU-2025_1023-1
USN-7395-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Ios
Ipados
Macos Sequoia
Visionos