VYPR
← All advisories
Medium severity6.5NVD Advisory· Published Jan 27, 2025· Updated Apr 2, 2026

CVE-2025-24158

CVE-2025-24158

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Processing web content on Apple devices may cause a denial-of-service due to a memory handling issue.

Vulnerability

Description CVE-2025-24158 is a memory handling vulnerability in Apple's web content processing. The issue can lead to a denial-of-service when malicious web content is processed. The root cause is improved memory handling, suggesting a memory corruption or similar flaw that causes the application to crash or become unresponsive.

Exploitation

An attacker can exploit this vulnerability by convincing a user to view a specially crafted webpage. No special privileges or network access are required beyond the ability to deliver web content. The vulnerability affects multiple Apple platforms including Safari, iOS, iPadOS, macOS, tvOS, and visionOS.

Impact

Successful exploitation results in a denial-of-service condition, potentially causing Safari or the entire system to crash or become unresponsive. While the impact is limited to availability, it could disrupt user productivity or service availability.

Mitigation

Apple has addressed this issue in security updates released on January 27, 2025. The fixes are included in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, and visionOS 2.3 [1][2][3][4]. Users should update their devices to the latest operating system versions to protect against this vulnerability.

References
  1. About the security content of macOS Sequoia 15.3 - Apple Support
  2. About the security content of iOS 18.3 and iPadOS 18.3 - Apple Support
  3. About the security content of visionOS 2.3 - Apple Support
  4. About the security content of tvOS 18.3 - Apple Support

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

51

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

11

News mentions

0

No linked articles in our index yet.