Web Content Processing Flaw in Apple Products
CVE-2025-24162

9.8CRITICAL

Key Information:

Vendor: Apple
Status: Visionos; TV OS; Mac OS; Safari
Vendor: CVE Published:; 27 January 2025

Summary

This vulnerability pertains to a flaw in the processing of specially crafted web content across various Apple products. This issue can lead to unexpected process crashes, affecting the usability and security of the devices involved. The flaw was addressed with improved state management techniques in recent software updates, ensuring more robust handling of web content.

Affected Version(s)

iOS and iPadOS < 18.3

macOS < 15.3

Safari < 18.3

References

https://support.apple.com/en-us/122073

https://support.apple.com/en-us/122072

https://support.apple.com/en-us/122068

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 17, 2025