Memory Corruption Vulnerability in Apple Software Products
CVE-2025-31277
Key Information:
Badges
What is CVE-2025-31277?
A memory corruption vulnerability has been identified in several Apple operating systems. This issue arises from improper memory handling during the processing of maliciously crafted web content, potentially leading to system instability or unauthorized access. Apple has implemented necessary fixes across multiple releases, ensuring enhanced protection for users against exploitation through affected versions of watchOS, visionOS, iOS, iPadOS, macOS, and tvOS. It is crucial for users to update their devices to the latest software versions to mitigate this risk.
CISA has reported CVE-2025-31277
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-31277 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
iOS and iPadOS < 18.6
macOS < 15.6
Safari < 18.6
News Articles
References
CVSS V3.1
Timeline
- π°
First article discovered by BleepingComputer
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published