CVE-2025-24130
Published: 27 January 2025
Description
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Security Summary
CVE-2025-24130 is a vulnerability in macOS that allows an app to modify protected parts of the file system. The issue affects macOS versions prior to Sequoia 15.3, Sonoma 14.7.3, and Ventura 13.7.3, and was addressed through improved checks. It has a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), indicating medium severity with high integrity impact but no confidentiality or availability effects.
A local attacker can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary. By tricking a user into interacting with a malicious app, the attacker can achieve modification of protected file system areas, potentially leading to persistence, data tampering, or escalation in a local context.
Apple security advisories confirm the fix in macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3 via improved checks, as detailed in support documents at https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, and https://support.apple.com/en-us/122070. Additional details appear in Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Jan/15 and http://seclists.org/fulldisclosure/2025/Jan/16. Security practitioners should ensure systems are updated to patched versions to mitigate the risk.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows modification of protected file system areas, enabling local privilege escalation via exploitation (T1068) and Stored Data Manipulation (T1565.001) for data tampering; persistence is suggested but less directly mapped.