🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability
Summary
Apple's Safari browser and operating systems (iOS, iPadOS, macOS, watchOS, visionOS, and tvOS) contain a buffer overflow vulnerability (a memory safety bug where data overflows a fixed-size storage area, corrupting nearby memory) that could allow attackers to corrupt system memory by tricking users into viewing malicious websites. This vulnerability is currently being exploited in real-world attacks.
Solution / Mitigation
Apply mitigations per Apple's vendor instructions (see support links provided), follow BOD 22-01 guidance for cloud services, or discontinue use of the affected products if mitigations are unavailable. The due date for remediation is 2026-04-03.
Vulnerability Details
EPSS: 0.1%
Yes
🔥 Actively Exploited
March 19, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-31277
First tracked: March 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%