CVE-2025-24196
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Security Summary
CVE-2025-24196 is a type confusion vulnerability stemming from improper memory handling, addressed by Apple through enhanced memory management checks. It affects macOS Sequoia versions prior to 15.4 and macOS Sonoma versions prior to 14.7.5. Mapped to CWE-125 (Out-of-bounds Read), the flaw enables potential kernel memory disclosure and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Exploitation allows high-impact confidentiality violations, such as reading sensitive kernel memory, alongside high integrity and availability disruptions as indicated by the CVSS metrics.
Apple's security advisories, available at support.apple.com/en-us/122373 and support.apple.com/en-us/122374, confirm the issue is fixed in macOS Sequoia 15.4 and macOS Sonoma 14.7.5. Mitigation requires updating affected systems to these patched versions, with additional details discussed in Full Disclosure mailing list posts from seclists.org/fulldisclosure/2025/Apr/8 and seclists.org/fulldisclosure/2025/Apr/9.
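To act on the mitigation above, the following added example (not from Apple or the original page) triages a host inventory against the two fixed releases named here. The hostnames and version strings are constructed sample data; on a real Mac the version string would come from `sw_vers -productVersion`.

```python
# Added example: fleet triage against the fixed versions stated on this page.
# Hostnames and versions in INVENTORY are constructed sample data.

# Fixed releases from the page: macOS Sequoia 15.4 and macOS Sonoma 14.7.5.
FIXED = {15: (15, 4, 0), 14: (14, 7, 5)}


def parse_version(text):
    """Turn '14.7.10' into (14, 7, 10); pad so '15.4' equals '15.4.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def status(version_text):
    """Return 'affected', 'patched' or 'unlisted' for a version string."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The page names only the Sequoia (15.x) and Sonoma (14.x) lines.
        return "unlisted"
    # Tuple comparison is numeric per component, so 14.7.10 > 14.7.5,
    # which a plain string comparison would get wrong.
    return "affected" if version < fixed else "patched"


def triage(inventory):
    """Map host -> status; unparseable entries stay visible as 'unknown'."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = status(version_text)
        except ValueError:
            result[host] = "unknown"
    return result


INVENTORY = {  # constructed sample data
    "mac-build-01": "15.3.2",
    "mac-build-02": "15.4",
    "mac-design-07": "14.7.4",
    "mac-design-08": "14.7.10",
    "mac-legacy-03": "13.7.5",
    "mac-lab-11": "n/a",
}

if __name__ == "__main__":
    for host, state in sorted(triage(INVENTORY).items()):
        print(f"{host:15} {INVENTORY[host]:8} {state}")
```

Hosts reported as `unlisted` or `unknown` need a manual check, since this page gives fixed versions only for the Sequoia and Sonoma lines.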
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Kernel memory disclosure via type confusion/out-of-bounds read enables exploitation for privilege escalation (T1068) to kernel access and credential access (T1212) by leaking sensitive kernel data.