Actively exploited in the wild
Apple Multiple Products Buffer Overflow Vulnerability
Apple — Multiple Products · Listed in the CISA KEV since 2026-03-20. This indicates confirmed attacks in production environments.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-31277
High · CVSS 8.8 · KEV
Exploitation Probability (EPSS): Elevated risk, 71st percentile (higher than 71% of all known CVEs)
Summary
A vulnerability in WebKit allows memory corruption when processing maliciously crafted web content. The issue was fixed by improving memory handling.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code in the browser context, potentially leading to device compromise or data theft.
Recommendation
Immediately update affected Apple software (Safari, iOS, iPadOS, macOS, tvOS, visionOS, watchOS) to the fixed versions listed in the CVE description.
Original NVD description (English source)
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

