Apple devices and Safari: Web Content sandbox breakout (CVE-2025-24201) #shorts
Summary
Hello and welcome to today's podcast where we uncover the details of a newly disclosed critical vulnerability, CVE-2025-24201, affecting multiple Apple products including iOS, macOS, iPadOS, visionOS, and the Safari browser. This vulnerability has been exploited in sophisticated attacks and demands your immediate attention.
Product details
The products affected by this vulnerability include: iOS and iPadOS versions below 18.3, macOS versions below 15.3, visionOS versions below 2.3, and Safari versions below 18.3. These platforms are core to Apple's ecosystem, supporting millions of users worldwide.
Vulnerability type summary
CVE-2025-24201 is classified as an out-of-bounds write issue within the Web Content sandbox of affected Apple products. This vulnerability can be exploited via maliciously crafted web content, bypassing security checks and allowing unauthorized actions.
Details of the vulnerability
The vulnerability allows attackers to break out of the Web Content sandbox, potentially leading to a buffer overflow exploit. The issue was initially addressed in iOS 17.2, but supplementary fixes were required. Apple has released updates that address the vulnerability: iOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.
Conclusion
In conclusion, users and administrators are strongly advised to update their Apple devices to the latest firmware versions to patch CVE-2025-24201 and protect against sophisticated attack vectors. Those using WebKit-based browsers or platforms should apply the latest security updates provided by SUSE, Fedora, and other distributions.
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://support.apple.com/en-us/122281
- https://support.apple.com/en-us/122283
- https://support.apple.com/en-us/122284
- https://support.apple.com/en-us/122285
- https://support.apple.com/en-us/122376
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122346
- https://support.apple.com/en-us/122345