For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released March 31, 2025
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix
Description: The issue was addressed with improved input validation.
CVE-2025-24180: Martin Kreichgauer of Google Chrome
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI.
CVE-2025-24113: @RenwaX23
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved checks.
CVE-2025-30467: @RenwaX23
Available for: macOS Ventura and macOS Sonoma
Impact: A website may be able to access sensor information without user consent
Description: The issue was addressed with improved checks.
CVE-2025-31192: Jaydev Ahire
Available for: macOS Ventura and macOS Sonoma
Impact: A download's origin may be incorrectly associated
Description: This issue was addressed through improved state management.
CVE-2025-24167: Syarif Muhammad Sajjad
Available for: macOS Ventura and macOS Sonoma
Impact: An app may gain unauthorized access to Local Network
Description: This issue was addressed with improved permissions checking.
CVE-2025-31184: Alexander Heinrich (@Sn0wfreeze), SEEMOO, TU Darmstadt & Mathy Vanhoef (@vanhoefm) and Jeroen Robben (@RobbenJeroen), DistriNet, KU Leuven
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a website may leak sensitive data
Description: A script imports issue was addressed with improved isolation.
CVE-2025-24192: Vsevolod Kokorin (Slonser) of Solidlab
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 285892
CVE-2025-24264: Gary Kwong, and an anonymous researcher
WebKit Bugzilla: 284055
CVE-2025-24216: Paul Bakker of ParagonERP
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A buffer overflow issue was addressed with improved memory handling.
WebKit Bugzilla: 286462
CVE-2025-24209: Francisco Alonso (@revskills), and an anonymous researcher
Available for: macOS Ventura and macOS Sonoma
Impact: Loading a malicious iframe may lead to a cross-site scripting attack
Description: A permissions issue was addressed with additional restrictions.
WebKit Bugzilla: 286381
CVE-2025-24208: Muhammad Zaid Ghifari (Mr.ZheeV) and Kalimantan Utara
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 285643
CVE-2025-30427: rheza (@ginggilBesel)
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 286580
CVE-2025-30425: an anonymous researcher
We would like to acknowledge George Bafaloukas (george.bafaloukas@pingidentity.com) and Shri Hunashikatti (sshpro9@gmail.com) for their assistance.
We would like to acknowledge Koh M. Nakagawa (@tsunek0h) of FFRI Security, Inc. for their assistance.
We would like to acknowledge Alisha Ukani, Pete Snyder, Alex C. Snoeren for their assistance.
We would like to acknowledge Charlie Robinson for their assistance.
We would like to acknowledge Gary Kwong, Jesse Stolwijk, Junsung Lee, P1umer (@p1umer) and Q1IQ (@q1iqF), Wai Kin Wong, Dongwei Xiao, Shuai Wang and Daoyuan Wu of HKUST Cybersecurity Lab, Anthony Lai (@darkfloyd1014) of VXRL, Wong Wai Kin, Dongwei Xiao and Shuai Wang of HKUST Cybersecurity Lab, Anthony Lai (@darkfloyd1014) of VXRL, Xiangwei Zhang of Tencent Security YUNDING LAB, 냥냥, and an anonymous researcher for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
Published Date: May 07, 2025