CVE-2025-30427: 
Apple Safari vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-30427) was discovered in WebKit, affecting multiple Apple operating systems. The vulnerability was disclosed on March 31, 2025, and fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, and Safari 18.4. The issue was identified by security researcher rheza (@ginggilBesel) and tracked as WebKit Bugzilla: 285643 (Apple Security, NVD).

The vulnerability is a use-after-free issue in WebKit that occurs during the processing of web content. The problem was addressed by implementing improved memory management. The vulnerability received a CVSS 3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. The issue is classified under CWE-416 (Use After Free) (NVD).

When exploited, this vulnerability can lead to an unexpected Safari crash when processing maliciously crafted web content. The impact is primarily focused on application availability, with no reported data confidentiality or integrity breaches (Apple Security).

Apple has released patches for all affected systems in the following versions: visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, and Safari 18.4. Users are advised to update their systems to these versions to mitigate the vulnerability (Apple Security).