CVE-2025-24229
Published: 31 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-24229 is a logic issue in macOS that was addressed through improved checks, enabling a sandboxed app to access sensitive user data. The vulnerability affects macOS versions prior to Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. It is classified under CWE-284 (Improper Access Control) with a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts without affecting availability.
A remote attacker with no privileges required can exploit this vulnerability over the network, though it demands high attack complexity and no user interaction. Successful exploitation allows the sandboxed app to bypass intended restrictions, granting access to sensitive user data and potentially enabling unauthorized modifications due to the high integrity impact.
Apple's security advisories detail the fix via improved checks in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, recommending users update to these patched versions for mitigation. Additional details are available in the referenced support pages and full disclosure lists.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an improper access control issue (CWE-284) that directly enables a sandboxed app to bypass restrictions and access sensitive user data on the local system, mapping to T1005 Data from Local System.