CVE-2025-24162
📋 TL;DR
This vulnerability is an out-of-bounds read (CWE-125) in Apple's WebKit browser engine that could cause unexpected process crashes when processing malicious web content. It affects multiple Apple operating systems and Safari browser versions. Users of affected Apple devices and browsers are vulnerable to denial-of-service attacks.
💻 Affected Systems
- Safari
- visionOS
- iOS
- iPadOS
- macOS Sequoia
- watchOS
- tvOS
📦 What is this software?
- iPadOS by Apple
- macOS by Apple: macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
- Safari by Apple
- tvOS by Apple
- watchOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete browser/application crash leading to denial of service, disrupting user workflows; in the worst case the crash serves as one component of a larger attack chain.
Likely Case
Browser tab or application crash when visiting a malicious website, requiring restart of the affected application.
If Mitigated
No impact if patched versions are installed or if malicious content is blocked by security controls.
🎯 Exploit Status
Exploitation requires only visiting a malicious website, making it trivial for attackers to deliver. No authentication or user interaction beyond website access is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3
Vendor Advisory: https://support.apple.com/en-us/122066
Restart Required: Yes
Instructions:
1. Open the Settings app.
2. Go to General > Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.
For macOS:
1. Open System Settings.
2. Go to General > Software Update.
3. Download and install the latest update.
4. Restart when prompted.
🔧 Temporary Workarounds
Disable JavaScript (all platforms)
Temporarily disable JavaScript in Safari to prevent exploitation, though this will break many websites.
Safari > Settings > Security > uncheck 'Enable JavaScript'
Use Alternative Browser (all platforms)
Use a non-WebKit based browser until patches are applied.
🧯 If You Can't Patch
- Implement web content filtering to block known malicious websites
- Educate users to avoid clicking suspicious links and to use alternative browsers temporarily
🔍 How to Verify
Check if Vulnerable:
Compare the current OS/browser version against the affected versions list. On Apple devices: Settings > General > About > Software Version. In Safari: Safari > About Safari.
Check Version:
On macOS: sw_vers. On iOS/iPadOS: Settings > General > About > Software Version. In Safari: Safari > About Safari.
Verify Fix Applied:
Verify that the installed version matches or exceeds the patched versions: visionOS 2.3+, Safari 18.3+, iOS 18.3+, iPadOS 18.3+, macOS Sequoia 15.3+, watchOS 11.3+, tvOS 18.3+. Compare versions component by component, not as plain strings (for example, 15.10 is newer than 15.3).
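The following POSIX shell script is an added example, not part of the advisory or of any Apple tooling. It encodes the patched versions listed above and compares an installed version against them numerically, component by component, so that a release such as 15.10 is not mistaken for something older than 15.3 (which a plain string comparison would do). The platform names and the `--self` flag are this example's own conventions; on a Mac it can read the running version from sw_vers, the command the advisory names.

```shell
#!/bin/sh
# Added example (not from the advisory): check an installed Apple OS/browser
# version against the minimum patched release for CVE-2025-24162.
# Assumes dot-separated numeric versions (e.g. 15.3, 18.3.1).

# Minimum patched version per platform, from the advisory's "Patch Version" line.
min_patched_version() {
  case "$1" in
    macOS)           echo 15.3 ;;
    Safari)          echo 18.3 ;;
    iOS|iPadOS|tvOS) echo 18.3 ;;
    watchOS)         echo 11.3 ;;
    visionOS)        echo 2.3 ;;
    *)               return 1 ;;   # platform not covered by this advisory
  esac
}

# version_ge A B: succeed if version A >= version B, comparing each
# dot-separated component as an integer; missing components count as 0.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}                  # first component of each
    case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac   # drop it from the rest
    case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}      # tolerate trailing build tags
    ai=${ai:-0}; bi=${bi:-0}
    if [ "$ai" -gt "$bi" ]; then return 0; fi
    if [ "$ai" -lt "$bi" ]; then return 1; fi
  done
  return 0                                    # all components equal
}

# check_patched PLATFORM VERSION: prints a verdict; exit 0 = patched,
# 1 = still vulnerable, 2 = platform unknown to this script.
check_patched() {
  platform="$1"; installed="$2"
  need=$(min_patched_version "$platform") || {
    echo "$platform: not covered by CVE-2025-24162 patch table"; return 2; }
  if version_ge "$installed" "$need"; then
    echo "$platform $installed: patched (>= $need)"; return 0
  else
    echo "$platform $installed: VULNERABLE (< $need), update required"; return 1
  fi
}

# Stand-alone use on a Mac: ./check.sh --self reads the running macOS version
# via sw_vers (the command named in the advisory). Other platforms are passed
# explicitly, e.g. ./check.sh Safari 18.2.1
if [ "${1:-}" = "--self" ] && command -v sw_vers >/dev/null 2>&1; then
  check_patched macOS "$(sw_vers -productVersion)"
elif [ $# -eq 2 ]; then
  check_patched "$1" "$2"
fi
```

Safari's version is not exposed by sw_vers; read it from Safari > About Safari and pass it as the second argument. The exit code makes the script usable from fleet-management tooling that only needs a pass/fail signal.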
📡 Detection & Monitoring
Log Indicators:
- Application crash logs for Safari/WebKit processes
- Unexpected browser termination events
- Web content process crash reports
Network Indicators:
- Multiple users accessing same malicious domain
- Unusual traffic patterns to newly registered domains
SIEM Query:
source="*crash*" AND (process="Safari" OR process="WebKit") AND event="crash"
🔗 References
- https://support.apple.com/en-us/122066
- https://support.apple.com/en-us/122068
- https://support.apple.com/en-us/122071
- https://support.apple.com/en-us/122072
- https://support.apple.com/en-us/122073
- https://support.apple.com/en-us/122074
- http://seclists.org/fulldisclosure/2025/Jan/13
- http://seclists.org/fulldisclosure/2025/Jan/15
- http://seclists.org/fulldisclosure/2025/Jan/18
- http://seclists.org/fulldisclosure/2025/Jan/20
- https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html