SecuriTricks - CVE-2025-24201

Description

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Product(s) Impacted

Vendor	Product	Versions
Apple	Visionos Ios Ipados Macos Safari	2.3.2 18.3.2 18.3.2 15.3.2 18.3.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	visionos	2.3.2	/	/	/	/	/	/	/
o	apple	ios	18.3.2	/	/	/	/	/	/	/
o	apple	ipados	18.3.2	/	/	/	/	/	/	/
o	apple	macos	15.3.2	/	/	/	/	/	/	/
a	apple	safari	18.3.1	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/122281

https://support.apple.com/en-us/122283

https://support.apple.com/en-us/122284

https://support.apple.com/en-us/122285

CVSS Score

7.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: March 11, 2025, 6:15 p.m.
Last Modified: March 12, 2025, 9:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

product-security@apple.com

CVE-2025-24201