Home / mailingsPDF  

APPLE-SA-01-27-2025-9 Safari 18.3

Posted on 28 January 2025
Apple Security-announce

APPLE-SA-01-27-2025-9 Safari 18.3

Safari 18.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122074.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Passwords
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious app may be able to bypass browser extension
authentication
Description: A logging issue was addressed with improved data redaction.
CVE-2025-24169: Josh Parnham (@joshparnham)

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI.
CVE-2025-24113: @RenwaX23

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed by adding additional logic.
CVE-2025-24128: @RenwaX23

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: The issue was addressed with improved access restrictions
to the file system.
WebKit Bugzilla: 283117
CVE-2025-24143: an anonymous researcher

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 283889
CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of
Imperial Global Singapore

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 284159
CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab

WebKit Web Inspector
Available for: macOS Ventura and macOS Sonoma
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A privacy issue was addressed with improved handling of
files.
WebKit Bugzilla: 283718
CVE-2025-24150: Johan Carlsson (joaxcar)

Safari 18.3 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP

Mailings :

Exploits :