{"uuid": "c1aa3b44-ae54-436b-b3c3-a88194ecb70e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "About the security content of Safari 18.6", "description": "# About the security content of Safari 18.6 - Apple Support\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security releases](https://support.apple.com/en-us/100100) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](https://www.cve.org/About/Overview) when possible.\n\nFor more information about security, see the [Apple Product Security](https://support.apple.com/en-us/102549) page.\n\nReleased July 30, 2025\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing a file may lead to memory corruption\n\nDescription: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at [cve.org](http://cve.org/).\n\nCVE-2025-7425: Sergei Glazunov of Google Project Zero\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may lead to memory corruption\n\nDescription: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at [cve.org](https://www.cve.org/).\n\nCVE-2025-7424: Ivan Fratric of Google Project Zero\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2025-24188: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: This issue was addressed through improved state management.\n\nWebKit Bugzilla: 285927\n\nCVE-2025-43229: Martin Bajanik of Fingerprint, Ammar Askar\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI.\n\nWebKit Bugzilla: 294374\n\nCVE-2025-43228: Jaydev Ahire\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: This issue was addressed through improved state management.\n\nWebKit Bugzilla: 292888\n\nCVE-2025-43227: Gilad Moav\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may lead to memory corruption\n\nDescription: The issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 291742\n\nCVE-2025-31278: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei\n\nWebKit Bugzilla: 291745\n\nCVE-2025-31277: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei\n\nWebKit Bugzilla: 293579\n\nCVE-2025-31273: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: A download's origin may be incorrectly associated\n\nDescription: A logic issue was addressed with improved checks.\n\nWebKit Bugzilla: 293994\n\nCVE-2025-43240: Syarif Muhammad Sajjad\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: The issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 292599\n\nCVE-2025-43214: shandikri working with Trend Micro Zero Day Initiative, Google V8 Security Team\n\nWebKit Bugzilla: 292621\n\nCVE-2025-43213: Google V8 Security Team\n\nWebKit Bugzilla: 293197\n\nCVE-2025-43212: Nan Wang (@eternalsakura13) and Ziling Chen\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing web content may lead to a denial-of-service\n\nDescription: The issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 293730\n\nCVE-2025-43211: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may disclose internal states of the app\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nWebKit Bugzilla: 294182\n\nCVE-2025-43265: HexRabbit (@h3xr4bb1t) from DEVCORE Research Team\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use-after-free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 295382\n\nCVE-2025-43216: Ignacio Sanmillan (@ulexec)\n\nAvailable for: macOS Ventura and macOS Sonoma\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at [cve.org](http://cve.org/).\n\nWebKit Bugzilla: 296459\n\nCVE-2025-6558: Cl\u00e9ment Lecigne and Vlad Stolyarov of Google's Threat Analysis Group\n\nWe would like to acknowledge Sergei Glazunov of Google Project Zero for their assistance.\n\nWe would like to acknowledge Ivan Fratric of Google Project Zero for their assistance.\n\nWe would like to acknowledge Ameen Basha M K for their assistance.\n\nWe would like to acknowledge Google V8 Security Team, Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei, rheza (@ginggilBesel) for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](https://support.apple.com/103190) for additional information.\n\nPublished Date:\u00a0July 30, 2025", "creation_timestamp": "2025-08-26T08:16:53.718346+00:00", "timestamp": "2025-08-26T08:16:53.718346+00:00", "related_vulnerabilities": ["CVE-2025-6558", "CVE-2025-31277", "CVE-2025-43240", "CVE-2025-43228", "CVE-2025-24188", "CVE-2025-31273", "CVE-2025-31278", "CVE-2025-43213", "CVE-2025-43227", "CVE-2025-43229", "CVE-2025-43211", "CVE-2025-7424", "CVE-2025-43265", "CVE-2025-43216", "CVE-2025-7425", "CVE-2025-43214", "CVE-2025-43212"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}