Apple CVE-2025-31277
HIGHCVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionNVD
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
AnalysisAI
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.
Technical ContextAI
The CWE-119 buffer handling flaw in WebKit's content processing engine allows an attacker to corrupt heap memory through malicious HTML/JavaScript payloads. Apple addressed this with improved memory handling in the WebKit rendering pipeline.
RemediationAI
Update all Apple devices immediately. Organizations should enable Rapid Security Response on managed devices and consider Lockdown Mode for high-risk users.
More from same product – last 7 days
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Dock
Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today