CVE-2025-24176
Published: 27 January 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-24176 is a permissions issue addressed through improved validation in macOS. It affects macOS Sequoia prior to version 15.3, macOS Sonoma prior to 14.7.3, and macOS Ventura prior to 13.7.3. The vulnerability, associated with CWE-276, carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
A local attacker with low privileges can exploit this vulnerability with low attack complexity and without requiring user interaction. Successful exploitation enables the attacker to elevate their privileges, resulting in high impacts to confidentiality and integrity but no availability impact.
Apple's security advisories confirm the issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3. Mitigation involves updating affected systems to these patched versions, with further details available in the referenced Apple support pages and Full Disclosure mailing list posts.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local privilege escalation vulnerability due to incorrect permissions (CWE-276) directly enables exploitation for privilege escalation on macOS.