The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously c

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

Affected Products

Vendor	Product	Versions
apple	safari	< 18.6, < 18.6, < 18.6, < 15.6, < 18.6, < 2.6, < 11.6, < 17.7.9, < 14.7.7, < 13.7.7, < 18.7, < 26.3

References

https://support.apple.com/en-us/124147(Release Notes, Vendor Advisory)
https://support.apple.com/en-us/124149(Release Notes, Vendor Advisory)
https://support.apple.com/en-us/124152(Release Notes, Vendor Advisory)
https://support.apple.com/en-us/124153(Release Notes, Vendor Advisory)
https://support.apple.com/en-us/124154(Release Notes, Vendor Advisory)
https://support.apple.com/en-us/124155(Release Notes, Vendor Advisory)
http://seclists.org/fulldisclosure/2025/Aug/0(Mailing List, Third Party Advisory)
http://seclists.org/fulldisclosure/2025/Jul/30(Mailing List, Third Party Advisory)
http://seclists.org/fulldisclosure/2025/Jul/32(Mailing List, Third Party Advisory)
http://seclists.org/fulldisclosure/2025/Jul/36(Mailing List, Third Party Advisory)
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/(Technical Description)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277(US Government Resource)

Related News (3 articles)

Tier E

Lobsters Security1d ago

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

→ No new info (linked only)

Tier D

The Hacker News6d ago

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

→ No new info (linked only)

Tier B

CCCS Canada6d ago

Apple security advisory (AV25-464) – Update 1

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

CWECWE-119, CWE-20

Published7/30/2025

Last enriched47m agov5

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 47m ago

v5Tier E47m ago

Updated affected versions to include '< 26.3', added patch version '26.3', and included new IoCs and tags related to the DarkSword exploit chain.

affectedVersionstags

via Lobsters Security

v4Tier D52m ago

Updated CVSS score to 8.8 and added CISA KEV tag.