CVE-2025-24189: 
Apple Safari vulnerability analysis and mitigation

CVE-2025-24189 is a security vulnerability affecting multiple Apple operating systems and Safari browser, discovered and disclosed in May 2025. The vulnerability affects Safari 18.3, visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. The issue involves processing maliciously crafted web content that may lead to memory corruption (Apple Support, NVD).

The vulnerability is classified as a memory corruption issue (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in the WebKit component. The issue was addressed with improved checks, as referenced in WebKit Bugzilla ticket 284332. The vulnerability has received a CVSS 3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability allows processing of maliciously crafted web content that can lead to memory corruption. This could potentially result in arbitrary code execution within the context of the WebKit process, affecting the confidentiality, integrity, and availability of the system (Apple Support).

Apple has addressed this vulnerability by implementing improved checks in the affected systems. The fix is available in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. Users are advised to update their devices to these versions to mitigate the risk (Apple Support).