PT-2025-5317 · Apple+9 · Safari+12
Joaxcar
+1
·
Published
2025-01-27
·
Updated
2025-11-25
·
CVE-2025-24150
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
macOS Sequoia versions prior to 15.3
Safari versions prior to 18.3
iOS versions prior to 18.3
iPadOS versions prior to 18.3
Description
A privacy issue was addressed with improved handling of files. Copying a URL from Web Inspector may lead to command injection. The issue is related to the Web Inspector tool in iOS, iPadOS, macOS, and Safari, which is associated with a lack of data sanitization at the management level. This may allow a remote attacker to execute arbitrary commands.
Recommendations
For macOS Sequoia versions prior to 15.3, update to macOS Sequoia 15.3 to resolve the issue.
For Safari versions prior to 18.3, update to Safari 18.3 to resolve the issue.
For iOS versions prior to 18.3, update to iOS 18.3 to resolve the issue.
For iPadOS versions prior to 18.3, update to iPadOS 18.3 to resolve the issue.
As a temporary workaround, consider avoiding copying URLs from Web Inspector until a patch is available. Restrict access to the Web Inspector tool to minimize the risk of exploitation.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Ios
Ipados