SecuriTricks - CVE-2025-24264

Description

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Product(s) Impacted

Vendor	Product	Versions
Apple	Visionos Tvos Ipados Ios Macos Sequoia Safari	2.4 18.4 17.7.6, 18.4 18.4 15.4 18.4

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	apple	visionos	2.4	/	/	/	/	/	/	/
a	apple	tvos	18.4	/	/	/	/	/	/	/
a	apple	ipados	17.7.6	/	/	/	/	/	/	/
a	apple	ipados	18.4	/	/	/	/	/	/	/
a	apple	ios	18.4	/	/	/	/	/	/	/
a	apple	macos_sequoia	15.4	/	/	/	/	/	/	/
a	apple	safari	18.4	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122372

https://support.apple.com/en-us/122373

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122378

https://support.apple.com/en-us/122379

CVSS Score

9.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: March 31, 2025, 11:15 p.m.
Last Modified: April 1, 2025, 8:26 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CVE-2025-24264