CVE-2025-24158: 
Apple Safari vulnerability analysis and mitigation

A WebKit vulnerability (CVE-2025-24158) was discovered and patched in January 2025. The vulnerability affects multiple Apple operating systems and devices, including visionOS 2.3, Safari 18.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. The issue was identified by researchers Q1IQ of NUS CuriOSity and P1umer of Imperial Global Singapore (Apple Support).

The vulnerability is related to memory handling issues in WebKit, Apple's browser engine. When processing web content, the vulnerability could lead to a denial-of-service condition. The issue was addressed with improved memory handling implementation. The vulnerability was tracked in WebKit Bugzilla under ID 283889 (Apple Support).

The primary impact of this vulnerability is that processing malicious web content may lead to a denial-of-service condition, potentially causing system disruption or unexpected application termination. This affects users across multiple Apple platforms and devices who process web content through WebKit-based browsers or applications (Red Hat).

Apple has addressed the vulnerability by implementing improved memory handling in the affected systems. Users are advised to update to the following versions: visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, or tvOS 18.3, depending on their device (NVD).