CVE-2025-24264: 
Apple Safari vulnerability analysis and mitigation

CVE-2025-24264 is a security vulnerability affecting multiple Apple operating systems and Safari browser, discovered and disclosed on March 31, 2025. The vulnerability affects visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, and Safari 18.4. The issue was identified by Gary Kwong and an anonymous researcher (Apple Support).

The vulnerability is related to memory handling issues in WebKit, Apple's browser engine. When processing maliciously crafted web content, the vulnerability can lead to an unexpected Safari crash. The issue was tracked in WebKit Bugzilla under ID 285892. The vulnerability has received a CVSS 3.1 Base Score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, as assessed by CISA-ADP. The vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption) (NVD).

The primary impact of this vulnerability is that processing maliciously crafted web content may lead to an unexpected Safari crash. This affects users across multiple Apple platforms including iOS, iPadOS, macOS, tvOS, and visionOS (Apple Support).

Apple has addressed this vulnerability by improving memory handling in the affected systems. The fix has been implemented in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, and Safari 18.4. Users are advised to update their devices to these versions to mitigate the vulnerability (Apple Support).