CVE-2025-24204
Published: 31 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-24204 is a vulnerability affecting macOS Sequoia versions prior to 15.4, where an app may be able to access protected user data. The issue stems from insufficient checks and is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no user privileges or interaction and without changing the scope of impact. A malicious app could leverage this flaw to read sensitive user data, potentially leading to unauthorized disclosure, modification, or disruption of system resources.
Apple addressed the vulnerability with improved checks in macOS Sequoia 15.4. Security practitioners should advise users to update to this version immediately. Additional details are available in Apple's security advisory at https://support.apple.com/en-us/122373 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/8.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows a malicious app to access protected user data on the local system due to insufficient checks, directly enabling T1005 Data from Local System for unauthorized collection of sensitive information.