CVE-2025-31223: 
Apple Safari vulnerability analysis and mitigation

CVE-2025-31223 is a memory corruption vulnerability discovered in Apple's WebKit engine that affects multiple Apple operating systems and devices. The vulnerability was disclosed on May 12, 2025, and was identified by Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs. The issue affects watchOS 11.5, tvOS 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, and Safari 18.5 (Apple iOS, Apple Safari).

The vulnerability exists in WebKit, Apple's browser engine, where processing maliciously crafted web content may lead to memory corruption. The issue was addressed with improved checks in WebKit (WebKit Bugzilla: 289387). The vulnerability has been assigned a CVSS 3.1 Base Score of 8.0 HIGH with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating significant potential impact (NVD).

The vulnerability could allow an attacker to execute arbitrary code by processing maliciously crafted web content, potentially leading to memory corruption. This affects multiple Apple devices and operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari browser (Apple Safari, Apple iOS).

Apple has addressed this vulnerability by implementing improved checks in the affected systems. Users are advised to update to the following versions: watchOS 11.5, tvOS 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, and Safari 18.5. These updates are available for all supported devices (Apple iOS, Apple Safari).