-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-05-12-2025-9 Safari 18.5 Safari 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122719. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. WebKit Available for: macOS Ventura and macOS Sonoma Impact: A type confusion issue could lead to memory corruption Description: This issue was addressed with improved handling of floats. WebKit Bugzilla: 286694 CVE-2025-24213: Google V8 Security Team WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to memory corruption Description: The issue was addressed with improved checks. WebKit Bugzilla: 289387 CVE-2025-31223: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs WebKit Bugzilla: 289653 CVE-2025-31238: wac working with Trend Micro Zero Day Initiative WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to memory corruption Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 287577 CVE-2025-24223: rheza (@ginggilBesel) and an anonymous researcher WebKit Bugzilla: 291506 CVE-2025-31204: Nan Wang(@eternalsakura13) WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: The issue was addressed with improved input validation. WebKit Bugzilla: 289677 CVE-2025-31217: Ignacio Sanmillan (@ulexec) WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks. WebKit Bugzilla: 288814 CVE-2025-31215: Jiming Wang and Jikai Ren WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A type confusion issue was addressed with improved state handling. WebKit Bugzilla: 290834 CVE-2025-31206: an anonymous researcher WebKit Available for: macOS Ventura and macOS Sonoma Impact: A malicious website may exfiltrate data cross-origin Description: The issue was addressed with improved checks. WebKit Bugzilla: 290992 CVE-2025-31205: Ivan Fratric of Google Project Zero WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: This issue was addressed with improved memory handling. WebKit Bugzilla: 290985 CVE-2025-31257: Juergen Schmied of Lynck GmbH Additional recognition Safari We would like to acknowledge @RenwaX23, Akash Labade, Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India) for their assistance. WebKit We would like to acknowledge Mike Dougherty and Daniel White of Google Chrome and an anonymous researcher for their assistance. Safari 18.5 may be obtained from the Mac App Store. All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmgicyIACgkQX+5d1TXa IvqKbQ/8Ccj2m4snrZPcCnOs75L9lAuJejO/amAr14Ag5bK17LIkWQKGXf/BLsss 30aqxjhz1gOO+g+9W/AD8dOu4MSeAhtaQQPck8U4PtJ+gtvnObjznycMwkQ9NdF9 ZknYBW/+LNM/sy/2h2hYJQ/YyBCZ65+7iJSvhH/HPiDzgbtJRQaJabkmzcbb2Kv4 i7R8tRnZPMHLGIgtT6nNCn/8sUHxJnZEGrcYUI3yQOYmUce5WkhF8Cf7GAZJ9eXQ zoW73Vrfo+pjvqShWtAfMKoW9DRVTmGCzkv5L43ENE/sNfSo1y/Ohgq7l7i3I5hw qIiQ31O1RDGYDWrS4QCOs9jJRZ0LmSPklWn42vHK509EcFuYHOTTK+MTI/DTRiCJ a/ksWkRetyihlIOXHkjSjMlZkI1V7LX2hXzNWHAroL05kNWVu0kTE80t+szFPJec ICR8Y2qru/sHL6iLtdxE290f4wM4k+LZsvyBAJ6Eq+XV/UGFU6n5Hm99W5ZqH2iA g7KFiBZrPlrXXGPzV+bnEWNWpNg8FfNkhTJX5U83/Y8zxTtKw7oOcXak6Az3btAg ZdDbiiEV/yg1rGHBSFCq4uttI3Uribav4bFb3EYMA4lCAWSFs/l4g7/rwGFg0Pjx BQv5VYSfhbRfqiiLYgRUqjJ4U4lIU4hZ9EvHu9WptTQKuC5oS3E= =o/LL -----END PGP SIGNATURE-----