PT-2025-5313 · Apple+9 · Webkit+15

Published

2025-01-17

Updated

2025-11-25

CVE-2025-24143

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Safari versions prior to 18.3 macOS Sequoia versions prior to 15.3 iOS versions prior to 18.3 iPadOS versions prior to 18.3 visionOS versions prior to 2.3

Description The issue is related to a lack of authorization procedure in the WebKit component of the Safari browser, affecting macOS, iOS, iPadOS, tvOS, and visionOS operating systems. This may allow a remote attacker to gain unauthorized access to protected information. A maliciously crafted webpage may be able to fingerprint the user.

Recommendations For Safari versions prior to 18.3, update to Safari 18.3 or later. For macOS Sequoia versions prior to 15.3, update to macOS Sequoia 15.3 or later. For iOS versions prior to 18.3, update to iOS 18.3 or later. For iPadOS versions prior to 18.3, update to iPadOS 18.3 or later. For visionOS versions prior to 2.3, update to visionOS 2.3 or later.

Fix

Missing Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200

Related Identifiers

ALSA-2025:2034

ALSA-2025:2035

BDU:2025-01262

CESA-2025_2034

CVE-2025-24143

DLA-4051-1

DSA-5865-1

INFSA-2025_2034

INFSA-2025_2035

MGASA-2025-0313

OPENSUSE-SU-2025_0638-1

OPENSUSE-SU-2025_0691-1

RHSA-2025:10364

RHSA-2025:2034

RHSA-2025:2035

RHSA-2025_2034

SUSE-SU-2025:0638-1

SUSE-SU-2025:0639-1

SUSE-SU-2025:0691-1

SUSE-SU-2025:0735-1

USN-7279-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Safari

Suse

Ubuntu

Webkit

Ios

Ipados

Macos Sequoia

Visionos

PT-2025-5313 · Apple+9 · Webkit+15

CVE-2025-24143

Weakness Enumeration

Related Identifiers

Affected Products

References · 90