CVE-2025-24172
Published: 31 March 2025
Description
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Security Summary
CVE-2025-24172 is a permissions issue, classified under CWE-276, affecting the Mail application on macOS. Specifically, the "Block All Remote Content" setting may not apply to all mail previews, allowing unintended access to remote resources. The vulnerability impacts macOS Sequoia versions prior to 15.4, macOS Sonoma versions prior to 14.7.5, and macOS Ventura versions prior to 13.7.5.
Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, authentication, or user interaction, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation occurs when a targeted user previews a malicious email, potentially enabling attackers to load remote content and achieve high impacts on confidentiality, integrity, and availability.
Apple's security advisories detail the fix through additional sandbox restrictions, resolving the issue in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Security practitioners should prioritize updating affected systems, with further mitigation guidance available in Apple's support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability bypasses the 'Block All Remote Content' setting in the macOS Mail app during email previews, directly enabling attackers to load remote resources from malicious emails without user interaction, which facilitates spearphishing link attacks.