IRONSMITHINTEL
HIGHCVSS8.8
|
Actively Exploited
|CISA KEV|CVE-2025-31277|Auth: none — unauthenticated|Reboot: required|Manual only

Apple Multiple Products Buffer Overflow Vulnerability

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.

Published Jul 30, 2025 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2026-04-03 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Buffer Overflow (CWE-119) vulnerability in Apple Multiple Products. The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. Exploitation requires remote network access, low attack complexity, no authentication required, and user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

Apple Device Administrators
Endpoint Security
IT Security
Running safari: v < 18.6; ipados: v < 18.6; iphone os: v < 18.6; macos: 15.0 ≤ v < 15.6; tvos: v < 18.6; visionos: v < 2.6; watchos: v < 11.6
Real-world incidentsWhat we've seen

Active exploitation documented in the wild. Threat-research write-up: https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

    1
    Vendor advisory: https://support.apple.com/en-us/124147
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-31277
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2025-31277NVDVendor Advisory