Memory Corruption Vulnerability in Apple Software Products
CVE-2025-31277
Key Information:
- Vendor
Apple
- Vendor
- CVE Published:
- 30 July 2025
Badges
What is CVE-2025-31277?
A memory corruption vulnerability has been identified in several Apple operating systems. This issue arises from improper memory handling during the processing of maliciously crafted web content, potentially leading to system instability or unauthorized access. Apple has implemented necessary fixes across multiple releases, ensuring enhanced protection for users against exploitation through affected versions of watchOS, visionOS, iOS, iPadOS, macOS, and tvOS. It is crucial for users to update their devices to the latest software versions to mitigate this risk.
CISA has reported CVE-2025-31277
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-31277 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
iOS and iPadOS 0 < 18.6
macOS 0 < 15.6
Safari 0 < 18.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- π°
First article discovered by BleepingComputer
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published