CVE-2025-24213: 
Apple Safari vulnerability analysis and mitigation

CVE-2025-24213 is a type confusion vulnerability discovered in WebKit that could lead to memory corruption. The vulnerability was disclosed on March 31, 2025, and affects multiple Apple operating systems including tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. The issue was identified by the Google V8 Security Team (Apple Support, NVD).

The vulnerability is classified as a type confusion issue that could lead to memory corruption. The root cause was related to improper handling of floats in WebKit. The issue has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under WebKit Bugzilla ID 286694 (CISA-ADP, Apple Support).

The vulnerability could allow an attacker to cause memory corruption through type confusion, potentially leading to arbitrary code execution or system compromise. The high CVSS score indicates that successful exploitation could result in significant impact on the confidentiality, integrity, and availability of the affected system (CISA-ADP).

Apple has addressed this vulnerability by improving the handling of floats in WebKit. The fix is available in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, and macOS Sequoia 15.4. Users are advised to update their systems to the latest versions to mitigate this vulnerability (Apple Support, NVD).