PT-2025-5327 · Apple+9 · Webkit+17

Chluo

+1

·

Published

2025-01-27

·

Updated

2025-11-25

·

CVE-2025-24162

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions visionOS versions prior to 2.3 Safari versions prior to 18.3 iOS versions prior to 18.3 iPadOS versions prior to 18.3 macOS Sequoia versions prior to 15.3 watchOS versions prior to 11.3 tvOS versions prior to 18.3
Description Processing maliciously crafted web content may lead to an unexpected process crash. The issue is related to insufficient input validation in the WebKit component of the Safari browser in macOS, iOS, iPadOS, tvOS, visionOS, and watchOS operating systems. This may allow a remote attacker to cause a denial of service.
Recommendations For visionOS versions prior to 2.3, update to visionOS 2.3. For Safari versions prior to 18.3, update to Safari 18.3. For iOS versions prior to 18.3, update to iOS 18.3. For iPadOS versions prior to 18.3, update to iPadOS 18.3. For macOS Sequoia versions prior to 15.3, update to macOS Sequoia 15.3. For watchOS versions prior to 11.3, update to watchOS 11.3. For tvOS versions prior to 18.3, update to tvOS 18.3.

Fix

Out of bounds Read

RCE

Weakness Enumeration

CWE-125CWE-20

Related Identifiers

ALSA-2025:2034
ALSA-2025:2035
BDU:2025-01247
CESA-2025_2034
CVE-2025-24162
DLA-4051-1
DSA-5865-1
INFSA-2025_2034
INFSA-2025_2035
MGASA-2025-0313
OPENSUSE-SU-2025_0638-1
OPENSUSE-SU-2025_0691-1
RHSA-2025:10364
RHSA-2025:1957
RHSA-2025:1958
RHSA-2025:1959
RHSA-2025:1960
RHSA-2025:2034
RHSA-2025:2035
RHSA-2025:2121
RHSA-2025:2125
RHSA-2025:2126
RHSA-2025_2034
RHSA-2025_2035
SUSE-SU-2025:0638-1
SUSE-SU-2025:0639-1
SUSE-SU-2025:0691-1
SUSE-SU-2025:0735-1
USN-7279-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Webkit
Ios
Ipados
Macos Sequoia
Tvos
Visionos
Watchos