An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.
History

Tue, 27 May 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 13 May 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 13 May 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-05-12T21:43:02.055Z

Updated: 2025-05-13T21:00:59.615Z

Reserved: 2025-01-17T00:00:45.017Z

Link: CVE-2025-24274

cve-icon Vulnrichment

Updated: 2025-05-13T20:01:17.977Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-12T22:15:20.440

Modified: 2025-05-27T14:24:59.217

Link: CVE-2025-24274

cve-icon Redhat

No data.