Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-24201 | Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
An out-of-bounds zero-day flaw exists in WebKit that adversaries have been exploiting via specially crafted web content to escape the Web Content sandbox.
References
|
| CVE-2025-24201 | Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
An out-of-bounds zero-day flaw exists in WebKit that adversaries have been exploiting via specially crafted web content to escape the Web Content sandbox.
References
|