CVE-2025-24158

6.5 MEDIUM

📋 TL;DR

This CVE describes a memory handling issue in WebKit, the web content engine shared by Safari and Apple's operating systems: processing maliciously crafted web content may lead to a denial of service. Devices running visionOS, iOS, iPadOS, macOS Sequoia, watchOS, tvOS or Safari earlier than the fixed releases listed below are affected.

💻 Affected Systems

Products:
  • visionOS
  • Safari
  • iOS
  • iPadOS
  • macOS Sequoia
  • watchOS
  • tvOS
Versions: Versions prior to visionOS 2.3, Safari 18.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3
Operating Systems: visionOS, iOS, iPadOS, macOS, watchOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of the affected Apple products are vulnerable. The issue lies in the web content processing component (WebKit) that ships with every listed OS and is used by Safari and by any app that displays web content, so no optional setting needs to be enabled to be exposed.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Crash of Safari, or of any app that renders web content through the system's WebKit, while it processes malicious content, with loss of unsaved in-app state. An attacker who can keep serving the content can keep the affected app unusable until the device is patched.

🟠

Likely Case

Browser or application crash when visiting a malicious website, requiring restart of the affected application.

🟢

If Mitigated

Minimal impact with proper patching and security controls in place.

🌐 Internet-Facing: HIGH - Exploitation requires processing web content, which is common for internet-facing systems.
🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious internal web content or phishing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (loading attacker-controlled web content in Safari or in an app that displays web content) but no authentication; the attacker needs nothing more than a page the target opens. Apple has released fixes. Whether the issue has been exploited in the wild is not stated here, which is why Weaponized is marked UNKNOWN above.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3

Vendor Advisory: https://support.apple.com/en-us/122066

Restart Required: Yes

Instructions:

1. On macOS, open System Settings (System Preferences on older releases); on iOS, iPadOS, visionOS, watchOS and tvOS, open Settings.
2. Go to Software Update (under General on most platforms; System > Software Updates on tvOS).
3. Install the available update: macOS Sequoia 15.3, iOS/iPadOS 18.3, visionOS 2.3, watchOS 11.3 or tvOS 18.3. On a Mac running a macOS release earlier than Sequoia, Safari 18.3 is offered as a separate Safari update in the same pane.
4. Restart the device if prompted.

🔧 Temporary Workarounds

Disable JavaScript

macos

Temporarily disable JavaScript in Safari to reduce the web-content attack surface while unpatched. Caveat: the advisory describes a memory handling issue in web content processing and does not say the trigger requires JavaScript; HTML, CSS, images and fonts are still parsed with JavaScript off, so treat this as risk reduction, not as a fix.

Safari > Settings (Preferences on older macOS) > Security > uncheck 'Enable JavaScript'

Use Alternative Browser

macos

Use a browser that does not use WebKit (for example one built on Chromium or Gecko) until patches are applied. This helps only on macOS: on iOS and iPadOS, third-party browsers generally use the system WebKit and are affected as well, and on every platform apps that embed web views still render through the unpatched engine.

🧯 If You Can't Patch

  • Implement web content filtering to block malicious sites
  • Restrict access to untrusted websites and enforce safe browsing policies

🔍 How to Verify

Check if Vulnerable:

Compare the installed OS or Safari version with the fixed versions listed under Official Fix above; anything earlier than the fixed version for its product line is vulnerable.

Check Version:

  • macOS: sw_vers -productVersion (or Apple menu > About This Mac)
  • Safari (macOS): Safari > About Safari
  • iOS/iPadOS: Settings > General > About (version field)
  • watchOS, tvOS, visionOS: Settings > General > About

Verify Fix Applied:

Confirm the installed version is equal to or later than the fixed version for that product (for example macOS Sequoia 15.3 or later, Safari 18.3 or later). On a Mac still running a macOS release earlier than Sequoia, check the Safari version rather than the OS version, since Safari is updated separately there.
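The version comparison above is easy to get wrong by hand (18.10 is newer than 18.9, and 15.3.1 is newer than 15.3). The following POSIX shell script, added here as an example and not part of the advisory or of any Apple tooling, encodes the fixed versions from the Official Fix section and compares dotted version strings field by field. The commands for collecting live values on a Mac (sw_vers and the Safari bundle's CFBundleShortVersionString) are shown in comments; the inventory the script actually runs over is a constructed sample, not data from real hosts.

```shell
#!/bin/sh
# Added example (not Apple tooling, not part of the advisory): compare installed
# versions against the fixed releases listed under Official Fix.

# version_ge A B: succeed (exit 0) when dotted version A >= B, comparing each
# numeric field in turn, so 15.3.1 >= 15.3 and 18.2.1 < 18.3. Missing fields count as 0.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
    if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
    ai="${ai:-0}"; bi="${bi:-0}"
    if [ "$ai" -gt "$bi" ]; then return 0; fi
    if [ "$ai" -lt "$bi" ]; then return 1; fi
  done
  return 0
}

# fixed_version PRODUCT: print the first fixed version for PRODUCT (from Official Fix).
fixed_version() {
  case "$1" in
    macos)                  echo 15.3 ;;   # macOS Sequoia 15.3
    safari|ios|ipados|tvos) echo 18.3 ;;
    visionos)               echo 2.3 ;;
    watchos)                echo 11.3 ;;
    *) echo "unknown product: $1" >&2; return 1 ;;
  esac
}

# check_version PRODUCT INSTALLED: print "patched" or "vulnerable".
check_version() {
  fixed="$(fixed_version "$1")" || return 2
  if version_ge "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# check_macos OS_VERSION SAFARI_VERSION: on Sequoia the OS version decides; on
# earlier macOS releases Safari updates separately, so the Safari version decides
# (the page lists Safari 18.3 as its own fix for that case).
check_macos() {
  case "$1" in
    15|15.*) check_version macos "$1" ;;
    *)       check_version safari "$2" ;;
  esac
}

# On the Mac being checked (not run here), collect the live values with:
#   os_ver=$(sw_vers -productVersion)
#   safari_ver=$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString)
#   check_macos "$os_ver" "$safari_ver"

# Constructed sample inventory (not from real hosts): product and installed version.
for entry in "macos 15.2" "macos 15.3" "safari 18.2.1" "ios 18.3" "visionos 2.2" "watchos 11.3.1"; do
  set -- $entry
  printf '%-9s %-8s %s\n' "$1" "$2" "$(check_version "$1" "$2")"
done
```

The product keys (macos, safari, ios, ...) are names chosen for this script; feed it whatever your inventory system exports, one product and version per call, and treat any "vulnerable" result as a host to patch.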

📡 Detection & Monitoring

Log Indicators:

  • Crash reports for Safari or for the WebKit content process (com.apple.WebKit.WebContent), found under ~/Library/Logs/DiagnosticReports on macOS and under Settings > Privacy & Security > Analytics & Improvements > Analytics Data on iOS/iPadOS
  • Unified log or system log entries showing unexpected termination of those processes, especially several within a short period on one host

Network Indicators:

  • Multiple requests to suspicious domains followed by application crashes

SIEM Query:

source="apple_system_logs" AND (process="Safari" OR process="com.apple.WebKit.WebContent") AND event="crash"

This is an illustrative pseudo-query: map source, process and event to the field names your log pipeline assigns to macOS crash reports or unified-log data, and consider a threshold (several WebKit crashes on one host within an hour) rather than alerting on every single crash.
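Where crash reports are collected from endpoints rather than indexed in a SIEM, the same "burst of WebKit crashes" logic can be applied directly to the report headers. The script below is an added example, not part of the advisory or of any Apple or vendor tooling. It assumes that each macOS crash report (~/Library/Logs/DiagnosticReports/*.ips) begins with a one-line JSON summary that includes "app_name" and "timestamp"; the header lines it processes are constructed samples in that shape, not real reports, and the threshold of 3 crashes per hour is an arbitrary starting point to tune.

```shell
#!/bin/sh
# Added example (not part of the advisory or Apple tooling): flag hours with a
# burst of WebKit or Safari crashes from .ips crash-report header lines.
#
# Assumption: each .ips report begins with a one-line JSON summary containing
# "app_name" and "timestamp". The lines below are constructed samples, not real reports.

SAMPLE_HEADERS='{"app_name":"com.apple.WebKit.WebContent","timestamp":"2025-02-01 09:14:02.00 +0000","bug_type":"309"}
{"app_name":"com.apple.WebKit.WebContent","timestamp":"2025-02-01 09:15:40.00 +0000","bug_type":"309"}
{"app_name":"com.apple.WebKit.WebContent","timestamp":"2025-02-01 09:16:11.00 +0000","bug_type":"309"}
{"app_name":"Mail","timestamp":"2025-02-01 09:17:00.00 +0000","bug_type":"309"}
{"app_name":"com.apple.WebKit.WebContent","timestamp":"2025-02-01 13:02:33.00 +0000","bug_type":"309"}'

# webkit_crash_buckets: read header lines on stdin; print "<count> <YYYY-MM-DD> <HH>"
# for every hour in which Safari or a com.apple.WebKit.* process crashed.
webkit_crash_buckets() {
  grep -E '"app_name":"(com\.apple\.WebKit\.[A-Za-z]+|Safari)"' |
    sed -E 's/.*"timestamp":"([0-9-]+ [0-9]{2}).*/\1/' |
    sort | uniq -c | awk '{print $1, $2, $3}'
}

# webkit_crash_alerts THRESHOLD: read header lines on stdin; print one alert line
# per hour whose crash count reaches THRESHOLD.
webkit_crash_alerts() {
  threshold="$1"
  webkit_crash_buckets |
    awk -v t="$threshold" '$1 >= t {print $2 " " $3 ": " $1 " WebKit crashes"}'
}

# Live use on a Mac (not run here): feed the first line of every report.
#   for f in ~/Library/Logs/DiagnosticReports/*.ips; do head -n 1 "$f"; done | webkit_crash_alerts 3

# Run over the constructed samples: the three 09:xx WebContent crashes trip the threshold,
# the Mail crash is ignored, and the single 13:xx crash does not.
printf '%s\n' "$SAMPLE_HEADERS" | webkit_crash_alerts 3
```

The filter deliberately matches any com.apple.WebKit.* helper (WebContent, Networking, GPU) as well as Safari itself, since the crash may land in whichever process handled the malicious content; correlate a flagged hour with the host's browsing or proxy logs to find the triggering site.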
