CVE-2025-24113
Description
The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Visiting a malicious website may allow user interface spoofing due to an insufficiently robust UI in Apple Safari, iOS, iPadOS, macOS, visionOS, and watchOS.
Vulnerability Overview
CVE-2025-24113 is a user interface spoofing vulnerability in Apple WebKit, affecting Safari, iOS, iPadOS, macOS, visionOS, and watchOS. The root cause is an insufficiently robust user interface that a malicious website could manipulate to present a misleading appearance to the user.[1][2]
Exploitation Scenario
The attack vector is network-based, requiring the victim to visit a specially crafted malicious website. No authentication is needed; the exploitation occurs purely through browsing.[1] The issue was addressed by improving the UI logic to better resist spoofing attempts.[1][2][3]
Impact
If successfully exploited, an attacker could perform user interface spoofing, potentially tricking the user into trusting a fake dialog or webpage, leading to disclosure of sensitive information or unintended actions.[1]
Mitigation
Apple has released patches in Safari 18.3, Safari 18.4, iOS 18.3/iPadOS 18.3, iOS 18.4/iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, and watchOS 11.4.[1][2][3][4] There is no known workaround; users are advised to update to the latest software versions.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (8)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* (range: <18.3)
- (no CPE) (range: <18.3)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* (range: <15.3)
- (no CPE) (range: <15.3)
- Range: <18.3
References (20)
- support.apple.com/en-us/122066 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/122068 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/122073 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/122074 (nvd: Release Notes, Vendor Advisory)
- seclists.org/fulldisclosure/2025/Apr/12 (nvd)
- seclists.org/fulldisclosure/2025/Apr/13 (nvd)
- seclists.org/fulldisclosure/2025/Apr/2 (nvd)
- seclists.org/fulldisclosure/2025/Apr/4 (nvd)
- seclists.org/fulldisclosure/2025/Apr/5 (nvd)
- seclists.org/fulldisclosure/2025/Apr/8 (nvd)
- seclists.org/fulldisclosure/2025/Jan/12 (nvd)
- seclists.org/fulldisclosure/2025/Jan/13 (nvd)
- seclists.org/fulldisclosure/2025/Jan/15 (nvd)
- seclists.org/fulldisclosure/2025/Jan/20 (nvd)
- support.apple.com/en-us/122371 (nvd)
- support.apple.com/en-us/122372 (nvd)
- support.apple.com/en-us/122373 (nvd)
- support.apple.com/en-us/122376 (nvd)
- support.apple.com/en-us/122378 (nvd)
- support.apple.com/en-us/122379 (nvd)