1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

Known Exploited Vulnerabilities CVE-2025-24201

Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
An out-of-bounds zero-day flaw exists in WebKit that adversaries have been exploiting via specially crafted web content to escape the Web Content sandbox.
References
  1. https://socprime.com/blog/cve-2025-24201-webkit-zeroday-vulnerability/
CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
An out-of-bounds zero-day flaw exists in WebKit that adversaries have been exploiting via specially crafted web content to escape the Web Content sandbox.
References
  1. https://socprime.com/blog/cve-2025-24201-webkit-zeroday-vulnerability/