CVE-2025-24201

Published Mar 11, 2025

Last updated 4 months ago

Apple

WebKit

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-24201 is a zero-day vulnerability found in Apple's WebKit browser engine. This vulnerability allows attackers to bypass the Web Content sandbox using maliciously crafted web content. It affects various Apple devices and operating systems, including iOS, macOS, iPadOS, visionOS, and Safari, as well as Linux and Windows systems where WebKit is utilized. The vulnerability is an out-of-bounds write issue, and Apple has addressed it with improved checks in updates iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. This zero-day vulnerability was reportedly exploited in highly sophisticated attacks targeting specific individuals before the release of iOS 17.2, which contained a partial mitigation. While the attacks were not widespread, Apple urges users to install the latest security updates to prevent further exploitation attempts. The vulnerability was discovered by Bill Marczak of The Citizen Lab at the University of Toronto. It affects a wide range of Apple devices, including iPhone XS and later, several iPad models, Macs running macOS Sequoia, and Apple Vision Pro.

Description: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
Source: product-security@apple.com
NVD status: Analyzed
Products: safari, ipados, iphone_os, macos, visionos, watchos

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Exploit added on: Mar 13, 2025
Exploit action due: Apr 3, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC8CB32A-507F-4526-9A68-9EA9AB85C646",
            "versionEndExcluding": "18.3.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55451F51-7F26-4638-9B29-E043181E948F",
            "versionEndExcluding": "18.3.2"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26C959CA-A2A5-4395-9767-7E39C8213F25",
            "versionEndExcluding": "18.3.2"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC6B27F0-BB95-4860-9C8E-937DBF0BF718",
            "versionEndExcluding": "15.3.2"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "255ACD01-52C3-49B2-8641-A22E088D852E",
            "versionEndExcluding": "2.3.2"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:11.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "370257A2-190F-4C73-96C6-BEE519ABC5E4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C32EB838-0B97-434D-8829-369024A1326F",
            "versionEndExcluding": "15.8.4",
            "versionStartIncluding": "15.8"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A50D487F-C9F0-44CF-9571-A3C117D0D9C2",
            "versionEndExcluding": "16.7.11",
            "versionStartIncluding": "16.7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DAC3C9E-0243-44FC-A507-CDDA0632E3DE",
            "versionEndExcluding": "15.8.4",
            "versionStartIncluding": "15.8"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23C45ED7-2EA2-4EDA-9277-BB56F7882C6D",
            "versionEndExcluding": "16.7.11",
            "versionStartIncluding": "16.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.