Memory Handling Flaw in Apple Safari and Related Products
CVE-2025-24216

4.3MEDIUM

Key Information:

Vendor: Apple
Status: TV OS; iOS And iPad OS; iPad OS; Mac OS
Vendor: CVE Published:; 31 March 2025

What is CVE-2025-24216?

A memory handling flaw in Apple Safari and associated products can be exploited through maliciously crafted web content, leading to unexpected application crashes. This issue has been addressed in several updates, including visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4, macOS Sequoia 15.4, and Safari 18.4. Users are encouraged to update their devices to mitigate the risks associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

References

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122372

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 17, 2025