CVE-2025-24213

HIGH

Apple Safari < 18.4 - Type Confusion

Title source: rule
STIX 2.1

Description

This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.

References (19)

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 31.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-843
Status published
Products (12)
Apple/iOS and iPadOS < 18.5
apple/ipados < 17.7.6
Apple/iPadOS < 17.7.7
apple/iphone_os < 18.4
Apple/macOS < 15.5
apple/macos 15.0 - 15.4
apple/safari < 18.4
Apple/Safari < 18.5
apple/tvos < 18.4
Apple/tvOS < 18.5
... and 2 more
Published Mar 31, 2025
Tracked Since Feb 18, 2026