CVE-2025-24246
Published: 31 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-24246 is an injection vulnerability addressed through improved input validation, enabling an app to access user-sensitive data. It affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue, published on 2025-03-31, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network with low complexity. By leveraging a malicious app, the attacker gains high-impact access to user-sensitive data, along with potential for high confidentiality, integrity, and availability disruptions as indicated by the CVSS metrics.
Apple security advisories detail the fix via improved validation in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Practitioners should apply these updates promptly, with further details available in the referenced support pages (https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375) and Full Disclosure archives (http://seclists.org/fulldisclosure/2025/Apr/10, http://seclists.org/fulldisclosure/2025/Apr/8).
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The injection vulnerability due to insufficient input validation directly enables a malicious app to access sensitive user data on the local macOS system, mapping to T1005 Data from Local System.