CVE-2025-24192
📋 TL;DR
A script imports isolation vulnerability in Apple WebKit allows malicious websites to bypass security boundaries and access sensitive data from other websites or browser sessions. This affects users of Safari, iOS, iPadOS, visionOS, and macOS who visit compromised or malicious websites.
💻 Affected Systems
- Safari
- iOS
- iPadOS
- visionOS
- macOS
📦 What is this software?
- iPadOS by Apple
- macOS by Apple: macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
- Safari by Apple
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal authentication tokens, session cookies, personal data, or financial information from other websites the user has open, potentially leading to account takeover and identity theft.
Likely Case
Targeted data exfiltration from specific websites where users are logged in, such as email, social media, or banking sites, enabling credential harvesting and session hijacking.
If Mitigated
With proper browser isolation and up-to-date patches, the attack surface is limited to unpatched systems visiting malicious sites, with minimal impact on patched environments.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious website) but no authentication. Public disclosure suggests exploit code may be available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4
Vendor Advisory: https://support.apple.com/en-us/122371
Restart Required: Yes
Instructions:
1. Open Settings (iOS/iPadOS/visionOS) or System Settings (macOS).
2. Navigate to General > Software Update.
3. Install the latest available update.
4. Restart the device when prompted.
🔧 Temporary Workarounds
Disable JavaScript (all platforms)
Temporarily disable JavaScript in Safari to prevent script execution that could exploit the vulnerability.
Safari > Settings > Security > uncheck 'Enable JavaScript'
Use Alternative Browser (all platforms)
Switch to a non-WebKit based browser (e.g., Firefox, Chrome) until Apple devices are patched.
🧯 If You Can't Patch
- Implement network filtering to block known malicious websites and restrict browsing to trusted domains only.
- Enforce strict browser isolation policies and educate users to avoid visiting untrusted websites.
🔍 How to Verify
Check if Vulnerable:
Check the Safari or OS version against affected versions. On macOS: Safari > About Safari. On iOS/iPadOS/visionOS: Settings > General > About.
Check Version:
- macOS: sw_vers -productVersion
- iOS/iPadOS/visionOS: Settings > General > About
- Safari: defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString
Verify Fix Applied:
Confirm the device is running Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, or macOS Sequoia 15.4 or later.
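The version checks above can be scripted for fleet inventory. The script below is an added example, not part of the advisory or Apple's tooling: it compares a dotted version string against the patched versions listed in this advisory (Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, macOS 15.4) with a numeric, component-wise comparison, so 18.10 is correctly treated as newer than 18.4. On macOS it can also read the live values with the same sw_vers and defaults commands listed above; on any other system you pass the product and version by hand (for example, values collected from an MDM export). The product names (safari, ios, ipados, visionos, macos) and the --local flag are conventions chosen for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a reported version against the
# versions Apple shipped the CVE-2025-24192 fix in, per the advisory text above.

# fixed_version PRODUCT -> prints the first patched version for PRODUCT.
# Product names are this example's own convention.
fixed_version() {
    case "$1" in
        safari)   echo 18.4 ;;
        ios)      echo 18.4 ;;
        ipados)   echo 18.4 ;;
        visionos) echo 2.4 ;;
        macos)    echo 15.4 ;;   # macOS Sequoia 15.4 as listed in the advisory
        *)        return 1 ;;
    esac
}

# version_ge A B -> exit 0 when dotted version A >= B, component by component.
# Missing components count as 0, so "18.4" equals "18.4.0"; string comparison
# would wrongly order "18.10" before "18.4", hence the numeric loop in awk.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0;
            y = (i <= nb) ? B[i] + 0 : 0;
            if (x > y) exit 0;
            if (x < y) exit 1;
        }
        exit 0;
    }'
}

# patched PRODUCT VERSION -> prints a verdict; exit 0 = patched, 1 = vulnerable,
# 2 = unknown product.
patched() {
    fixed=$(fixed_version "$1") || { echo "unknown product: $1" >&2; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "$1 $2: patched (fix shipped in $fixed)"
        return 0
    fi
    echo "$1 $2: VULNERABLE to CVE-2025-24192 (update to $fixed or later)"
    return 1
}

# check_local -> on macOS, read the live OS and Safari versions with the
# commands from the "Check Version" list; elsewhere explain how to use the script.
check_local() {
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "sw_vers not found (not macOS); run: patched PRODUCT VERSION" >&2
        return 0
    fi
    patched macos "$(sw_vers -productVersion)"
    plist=/Applications/Safari.app/Contents/Info.plist
    if [ -f "$plist" ]; then
        # Safari 18.4 is the authoritative signal for the browser fix itself.
        patched safari "$(defaults read "$plist" CFBundleShortVersionString)"
    fi
}

# Usage: sh check_cve_2025_24192.sh --local   (inventory this Mac)
#        sh check_cve_2025_24192.sh ios 18.3.2   (check a value from an MDM export)
case "${1:-}" in
    --local) check_local ;;
    "")      ;;
    *)       patched "$1" "${2:-0}" ;;
esac
```

The exit status is what an MDM or cron job should key on: 0 means at or above the advisory's fixed version, 1 means the device still needs the update. Devices reporting a version the advisory does not cover (for instance older macOS releases that receive Safari 18.4 separately) should be judged on the Safari version line rather than the OS line.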
📡 Detection & Monitoring
Log Indicators:
- Unusual cross-origin resource access in web server logs
- Suspicious JavaScript import patterns in browser developer tools
Network Indicators:
- Unexpected data exfiltration to unknown domains from browser sessions
- Increased traffic to suspicious websites
SIEM Query (pseudo-syntax; adapt field names to your proxy log schema):
source="web_proxy" AND (url="*malicious-domain*" OR (method="POST" AND dest_ip NOT IN trusted_ips)) AND user_agent="*Safari*"
🔗 References
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122379
- http://seclists.org/fulldisclosure/2025/Apr/12
- http://seclists.org/fulldisclosure/2025/Apr/2
- http://seclists.org/fulldisclosure/2025/Apr/4
- http://seclists.org/fulldisclosure/2025/Apr/8