CVE-2025-31277 - Apple Multiple Products Buffer Overflow Vulnerability
Project: Apple
Product: Multiple Products
Date Added: 2026-03-20
Due Date: 2026-04-03
Vulnerability Name
Apple Multiple Products Buffer Overflow Vulnerability
Description
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability: processing maliciously crafted web content may lead to memory corruption.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124152
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124155
https://nvd.nist.gov/vuln/detail/CVE-2025-31277
Related News Articles
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks (April 2, 2026)
CISA orders feds to patch DarkSword iOS flaws exploited attacks (March 23, 2026)
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 (March 21, 2026)