CVE-2025-24209

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Affected products

Apple / iOS and iPadOS0 – 18.4
Apple / iPadOS0 – 17.7.6
Apple / macOS0 – 15.4
Apple / Safari0 – 18.4
Apple / tvOS0 – 18.4
Apple / watchOS0 – 11.4

References

VENDOR_ADVISORYhttps://support.apple.com/en-us/122371
VENDOR_ADVISORYhttps://support.apple.com/en-us/122372
VENDOR_ADVISORYhttps://support.apple.com/en-us/122373
VENDOR_ADVISORYhttps://support.apple.com/en-us/122376
VENDOR_ADVISORYhttps://support.apple.com/en-us/122377
VENDOR_ADVISORYhttps://support.apple.com/en-us/122379