Apple Safari vulnerabilities
1,613 known vulnerabilities affecting apple/safari.
Total CVEs
1,613
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH615MEDIUM766LOW20UNKNOWN1
Vulnerabilities
Page 7 of 81
CVE-2025-31192MEDIUMCVSS 6.7fixed in 18.42025-03-31
CVE-2025-31192 [MEDIUM] CWE-305 CVE-2025-31192: The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
nvdapple
CVE-2025-30427MEDIUMCVSS 4.3fixed in 18.42025-03-31
CVE-2025-30427 [MEDIUM] CWE-416 CVE-2025-30427: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
nvdapple
CVE-2025-24192MEDIUMCVSS 6.5fixed in 18.42025-03-31
CVE-2025-24192 [MEDIUM] CVE-2025-24192: A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iO
A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data.
nvdapple
CVE-2025-24208MEDIUMCVSS 6.1fixed in 18.42025-03-31
CVE-2025-24208 [MEDIUM] CWE-79 CVE-2025-24208: A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4,
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
nvdapple
CVE-2025-30425MEDIUMCVSS 4.3fixed in 18.42025-03-31
CVE-2025-30425 [MEDIUM] CWE-284 CVE-2025-30425: This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode.
nvdapple
CVE-2025-24216MEDIUMCVSS 4.3fixed in 18.42025-03-31
CVE-2025-24216 [MEDIUM] CWE-119 CVE-2025-24216: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
nvdapple
CVE-2025-30467MEDIUMCVSS 4.3fixed in 18.42025-03-31
CVE-2025-30467 [MEDIUM] CWE-451 CVE-2025-30467: The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing.
nvdapple
CVE-2024-54551HIGHCVSS 7.5fixed in 17.62025-03-21
CVE-2024-54551 [HIGH] CWE-119 CVE-2024-54551: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service.
nvdapple
CVE-2025-24201CRITICALCVSS 10.0KEVfixed in 18.3.12025-03-11
CVE-2025-24201 [CRITICAL] CWE-787 CVE-2025-24201: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. Thi
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break ou
nvdapple
CVE-2024-44192MEDIUMCVSS 5.5fixed in 18.0fixed in 182025-03-10
CVE-2024-44192 [MEDIUM] CWE-400 CVE-2024-44192: The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18
The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple
CVE-2024-54467MEDIUMCVSS 6.5fixed in 18.0fixed in 182025-03-10
CVE-2024-54467 [MEDIUM] CWE-200 CVE-2024-54467: A cookie management issue was addressed with improved state management. This issue is fixed in Safar
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
nvdapple
CVE-2024-54658MEDIUMCVSS 6.5fixed in 17.42025-02-10
CVE-2024-54658 [MEDIUM] CWE-400 CVE-2024-54658: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.
nvdapple
CVE-2024-54542CRITICALCVSS 9.1fixed in 18.22025-01-27
CVE-2024-54542 [CRITICAL] CWE-862 CVE-2024-54542: An authentication issue was addressed with improved state management. This issue is fixed in Safari
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication.
nvd
CVE-2025-24150HIGHCVSS 8.8fixed in 18.32025-01-27
CVE-2025-24150 [HIGH] CWE-77 CVE-2025-24150: A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, i
A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.
nvdapple
CVE-2025-24169HIGHCVSS 7.5fixed in 18.32025-01-27
CVE-2025-24169 [HIGH] CWE-532 CVE-2025-24169: A logging issue was addressed with improved data redaction. This issue is fixed in Safari 18.3, macO
A logging issue was addressed with improved data redaction. This issue is fixed in Safari 18.3, macOS Sequoia 15.3. A malicious app may be able to bypass browser extension authentication.
nvdapple
CVE-2024-54543HIGHCVSS 8.8fixed in 18.22025-01-27
CVE-2024-54543 [HIGH] CWE-787 CVE-2024-54543: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
nvd
CVE-2025-24113MEDIUMCVSS 4.3fixed in 18.3fixed in 18.42025-01-27
CVE-2025-24113 [MEDIUM] CVE-2025-24113: The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3
The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.
nvdapple
CVE-2025-24158MEDIUMCVSS 6.5fixed in 18.32025-01-27
CVE-2025-24158 [MEDIUM] CWE-79 CVE-2025-24158: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.
nvdapple
CVE-2025-24143MEDIUMCVSS 6.5fixed in 18.32025-01-27
CVE-2025-24143 [MEDIUM] CWE-862 CVE-2025-24143: The issue was addressed with improved access restrictions to the file system. This issue is fixed in
The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
nvdapple
CVE-2025-24162MEDIUMCVSS 6.5fixed in 18.32025-01-27
CVE-2025-24162 [MEDIUM] CWE-125 CVE-2025-24162: This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS
This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple