APPLE-SA-05-12-2025-9 Safari 18.5

Posted on 13 May 2025
Apple Security-announce

Safari 18.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122719.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A type confusion issue could lead to memory corruption
Description: This issue was addressed with improved handling of floats.
WebKit Bugzilla: 286694
CVE-2025-24213: Google V8 Security Team

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 289387
CVE-2025-31223: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
WebKit Bugzilla: 289653
CVE-2025-31238: wac working with Trend Micro Zero Day Initiative

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 287577
CVE-2025-24223: rheza (@ginggilBesel) and an anonymous researcher
WebKit Bugzilla: 291506
CVE-2025-31204: Nan Wang (@eternalsakura13)

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 289677
CVE-2025-31217: Ignacio Sanmillan (@ulexec)

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 288814
CVE-2025-31215: Jiming Wang and Jikai Ren

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A type confusion issue was addressed with improved state
handling.
WebKit Bugzilla: 290834
CVE-2025-31206: an anonymous researcher

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 290992
CVE-2025-31205: Ivan Fratric of Google Project Zero

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: This issue was addressed with improved memory handling.
WebKit Bugzilla: 290985
CVE-2025-31257: Juergen Schmied of Lynck GmbH

Additional recognition

Safari
We would like to acknowledge @RenwaX23, Akash Labade, Narendra Bhati,
Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India) for their
assistance.

WebKit
We would like to acknowledge Mike Dougherty and Daniel White of Google
Chrome and an anonymous researcher for their assistance.

Safari 18.5 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/