CVE-2025-24201 - Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

Apple | Multiple Products

• Date Added:
• 2025-03-13

• Due Date:
• 2025-04-03

Vulnerability Name

Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

Description

Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/122281 ; https://support.apple.com/en-us/122283 ; https://support.apple.com/en-us/122284 ; https://support.apple.com/en-us/122285 ; ; https://nvd.nist.gov/vuln/detail/CVE-2025-24201

Top Security News

Microsoft confirms it's killing off Skype in May, after 14 years

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools

ClickFix attack delivers infostealers, RATs in fake Booking.com emails

U.S. recovers $31 million stolen in 2021 Uranium Finance hack

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

Unpatched Edimax IP camera flaw actively exploited in botnet attacks

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumAbsence of Anti-CSRF Tokens

MediumMissing Anti-clickjacking Header

MediumContent Security Policy (CSP) Header Not Set

InformationalInformation Disclosure - Suspicious Comments

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

HighPII Disclosure

InformationalModern Web Application

Latest CVE List

CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability

CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability

CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability

CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability

CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability

CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability

CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability

CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability

Common CWEs

CWE-1329 Reliance on Component That is Not Updateable

HighCWE-268 Privilege Chaining

CWE-210 Self-generated Error Message Containing Sensitive Information

HighCWE-770 Allocation of Resources Without Limits or Throttling

CWE-46 Path Equivalence: 'filename ' (Trailing Space)

CWE-1087 Class with Virtual Method without a Virtual Destructor

CWE-278 Insecure Preserved Inherited Permissions

LowCWE-188 Reliance on Data/Memory Layout

CWE-1317 Improper Access Control in Fabric Bridge

CWE-820 Missing Synchronization