Apple Safari vulnerabilities
1,546 known vulnerabilities affecting apple/safari.
Total CVEs: 1,546
CISA KEV: 27 (actively exploited)
Public exploits: 145
Exploited in wild: 21
Severity breakdown
CRITICAL 211, HIGH 575, MEDIUM 741, LOW 19
Vulnerabilities
CVE-2025-24208 [MEDIUM] CVSS 6.1, CWE-79, fixed in 18.4, 2025-03-31
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
Sources: cvelistv5, nvd
CVE-2025-30425 [MEDIUM] CVSS 4.3, CWE-284, fixed in 18.4, 2025-03-31
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode.
Sources: cvelistv5, nvd
CVE-2025-30427 [MEDIUM] CVSS 4.3, CWE-416, fixed in 18.4, 2025-03-31
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Sources: cvelistv5, nvd
CVE-2024-54551 [HIGH] CVSS 7.5, CWE-119, fixed in 17.6, 2025-03-21
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service.
Sources: cvelistv5, nvd
CVE-2025-24201 [CRITICAL] CVSS 10.0, KEV, CWE-787, fixed in 18.3.1, 2025-03-11
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break ou
Sources: cvelistv5, nvd
CVE-2024-44192 [MEDIUM] CVSS 5.5, CWE-400, fixed in 18.0, fixed in 18, 2025-03-10
The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.
Sources: cvelistv5, nvd
CVE-2024-54467 [MEDIUM] CVSS 6.5, CWE-200, fixed in 18.0, fixed in 18, 2025-03-10
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
Sources: cvelistv5, nvd
CVE-2024-54658 [MEDIUM] CVSS 6.5, CWE-400, fixed in 17.4, 2025-02-10
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.
Sources: cvelistv5, nvd
CVE-2024-54542 [CRITICAL] CVSS 9.1, CWE-862, fixed in 18.2, 2025-01-27
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication.
Sources: cvelistv5, nvd
CVE-2024-54543 [HIGH] CVSS 8.8, CWE-787, fixed in 18.2, 2025-01-27
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
Sources: cvelistv5, nvd
CVE-2025-24169 [HIGH] CVSS 7.5, CWE-532, fixed in 18.3, 2025-01-27
A logging issue was addressed with improved data redaction. This issue is fixed in Safari 18.3, macOS Sequoia 15.3. A malicious app may be able to bypass browser extension authentication.
Sources: cvelistv5, nvd
CVE-2025-24150 [HIGH] CVSS 8.8, CWE-77, fixed in 18.3, 2025-01-27
A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.
Sources: cvelistv5, nvd
CVE-2025-24143 [MEDIUM] CVSS 6.5, CWE-862, fixed in 18.3, 2025-01-27
The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
Sources: cvelistv5, nvd
CVE-2025-24113 [MEDIUM] CVSS 4.3, fixed in 18.3, fixed in 18.4, 2025-01-27
The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.
Sources: cvelistv5, nvd
CVE-2025-24158 [MEDIUM] CVSS 6.5, CWE-79, fixed in 18.3, 2025-01-27
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.
Sources: cvelistv5, nvd
CVE-2025-24162 [MEDIUM] CVSS 6.5, CWE-125, fixed in 18.3, 2025-01-27
This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Sources: cvelistv5, nvd
CVE-2025-24128 [MEDIUM] CVSS 4.3, fixed in 18.3, 2025-01-27
The issue was addressed by adding additional logic. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Visiting a malicious website may lead to address bar spoofing.
Sources: cvelistv5, nvd
CVE-2024-27856 [HIGH] CVSS 7.8, CWE-94, fixed in 17.5, 2025-01-15
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
Sources: cvelistv5, nvd
CVE-2024-54534 [CRITICAL] CVSS 9.8, CWE-787, fixed in 18.2, 2024-12-12
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
Sources: cvelistv5, nvd
CVE-2024-54479 [HIGH] CVSS 7.5, fixed in 18.2, 2024-12-12
The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Sources: cvelistv5, nvd