Primary

Context

Apple WebKit Leaked DNS Query Vulnerability in Multiple Products

Vulnerability

A logic issue in the WebKit component of Safari, iOS, iPadOS, tvOS, watchOS, and visionOS was addressed with improved state management. This vulnerability allows remote attackers to view leaked DNS queries when Private Relay is enabled. It affects several different versions and/or ranges.

Impact

Exploitation of this vulnerability could lead to unauthorized access to DNS query information, potentially revealing user browsing habits or interests.

Remediation

Users can update to the latest versions of Safari, iOS, iPadOS, tvOS, watchOS, or visionOS to address this vulnerability. Instructions for updating can be found on the Apple Support website.

Added: Nov 4, 2025, 3:22 AM

Updated: Nov 4, 2025, 3:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Leaked DNS Query Vulnerability in Multiple Products

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating