Memory Handling Vulnerability in Safari and Apple Platforms
CVE-2025-24264

9.8CRITICAL

Key Information:

Vendor: Apple
Status: TV OS; iOS And iPad OS; iPad OS; Mac OS
Vendor: CVE Published:; 31 March 2025

What is CVE-2025-24264?

A vulnerability in Safari has been identified, where maliciously crafted web content can lead to an unexpected crash. This issue stems from improper memory handling, impacting platforms such as visionOS, iOS, iPadOS, tvOS, and macOS. Users are encouraged to update their devices to versions including visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4, macOS Sequoia 15.4, and Safari 18.4 to mitigate this risk.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

References

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122372

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 17, 2025