CVE-2025-31273: 
Apple Safari vulnerability analysis and mitigation

CVE-2025-31273 is a memory corruption vulnerability discovered in Apple's WebKit engine that affects multiple Apple operating systems and Safari browser. The vulnerability was disclosed on July 29, 2025, and affects Safari 18.6, macOS Sequoia 15.6, iOS 18.6, iPadOS 18.6, tvOS 18.6, watchOS 11.6, and visionOS 2.6. The issue was identified by researchers Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei (Apple Security).

The vulnerability is classified as a memory corruption issue in WebKit that occurs when processing maliciously crafted web content. The issue was addressed with improved memory handling. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating it can be exploited remotely with low attack complexity (NVD).

When exploited, the vulnerability allows processing of maliciously crafted web content to lead to memory corruption. This could potentially allow attackers to execute arbitrary code or cause system crashes. The vulnerability affects a wide range of Apple devices including iPhones, iPads, Macs, Apple TVs, Apple Watches, and Vision Pro (Apple Security).

Apple has addressed this vulnerability by implementing improved memory handling in the affected systems. Users are advised to update to Safari 18.6, macOS Sequoia 15.6, iOS 18.6, iPadOS 18.6, tvOS 18.6, watchOS 11.6, or visionOS 2.6 depending on their device (Apple Security).