- 61/2025
- High
Apple has released security updates to address a zero-day vulnerability in the WebKit cross-platform across macOS Sequoia and Safari.
The addressed vulnerability could allow the remote attacker to execute arbitrary code caused by an out-of-bounds write in the WebKit component by persuading the victim to open a specially crafted web content.
Apple Safari and macOS Sequoia Code Execution Vulnerability (CVE-2025-24201):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
It should be highlighted that Apple is aware that the zero-day vulnerability “CVE-2025-24201” is being exploited in the wild in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.
Vulnerabilities
CVE-2025-24201
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.