CVE-2025-24109
Published: 27 January 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-24109 is a downgrade vulnerability in macOS, addressed through additional code-signing restrictions. It affects macOS Sequoia versions prior to 15.3, macOS Sonoma prior to 14.7.3, and macOS Ventura prior to 13.7.3. The issue, associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), allows an app to access sensitive user data, with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).
A local attacker can exploit this vulnerability with low complexity and no required privileges, but user interaction is necessary, such as running a malicious app. Successful exploitation enables high-impact confidentiality violations, permitting access to sensitive user data without altering integrity or availability.
Apple's security advisories confirm the fix in macOS Sequoia 15.3, Sonoma 14.7.3, and Ventura 13.7.3, recommending immediate updates for mitigation. Further details appear in Apple's security content pages (support.apple.com/en-us/122068, 122069, 122070) and Full Disclosure mailing list posts from January 2025 (seclists.org/fulldisclosure/2025/Jan/15, 16).
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables access to sensitive user data on the local system via a malicious app (T1005) and requires user execution of that malicious file to trigger exploitation (T1204.002).