CVE-2025-24223: 
Apple Safari vulnerability analysis and mitigation

CVE-2025-24223 is a memory corruption vulnerability in WebKit that affects multiple Apple operating systems. The vulnerability was discovered by rheza (@ginggilBesel) and an anonymous researcher, and was disclosed on May 12, 2025. The affected systems include watchOS 11.5, tvOS 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, and Safari 18.5 (Apple Security Updates, Apple Safari).

The vulnerability exists in WebKit, Apple's browser engine. When processing maliciously crafted web content, it can lead to memory corruption. The issue was addressed with improved memory handling and is tracked under WebKit Bugzilla ID 287577. The vulnerability has received a CVSS v3.1 Base Score of 8.0 HIGH with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability allows processing of maliciously crafted web content that may lead to memory corruption. This could potentially result in arbitrary code execution within the context of the WebKit process (Apple Security Updates).

Apple has addressed this vulnerability by improving memory handling in the affected systems. Users are advised to update to watchOS 11.5, tvOS 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, or Safari 18.5, depending on their device (Apple Security Updates, Apple Safari).