CVE-2025-24264

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

INFO

Published Date :

2025-03-31T22:23:36.148Z

Last Modified :

2026-04-02T18:20:17.585Z

Source :

apple

AFFECTED PRODUCTS

The following products are affected by CVE-2025-24264 vulnerability.

Vendors	Products
Apple	Ipados Iphone Os Macos Safari Tvos Visionos
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Tus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24264.

URL	Resource
http://seclists.org/fulldisclosure/2025/Apr/11
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/13
http://seclists.org/fulldisclosure/2025/Apr/2
http://seclists.org/fulldisclosure/2025/Apr/4
http://seclists.org/fulldisclosure/2025/Apr/5
http://seclists.org/fulldisclosure/2025/Apr/8
https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2025-24264
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122376
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378
https://support.apple.com/en-us/122379
https://webkitgtk.org/security/WSA-2025-0003.html
https://www.cve.org/CVERecord?id=CVE-2025-24264

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact