Fixed:A malicious app may be able to bypass browser extension authentication

Safari 18.3
Released January 27, 2025

Passwords
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious app may be able to bypass browser extension authentication
Description: A logging issue was addressed with improved data redaction.
CVE-2025-24169: Josh Parnham (@joshparnham)

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI.
CVE-2025-24113: @RenwaX23

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed by adding additional logic.
CVE-2025-24128: @RenwaX23

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: The issue was addressed with improved access restrictions to the file system.
WebKit Bugzilla: 283117
CVE-2025-24143: an anonymous researcher

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 283889
CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of Imperial Global Singapore

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 284159
CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab

WebKit Web Inspector
Available for: macOS Ventura and macOS Sonoma
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A privacy issue was addressed with improved handling of files.
WebKit Bugzilla: 283718
CVE-2025-24150: Johan Carlsson (joaxcar)