Access Control Vulnerability in Apple macOS and iPadOS Products
CVE-2025-24215

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iPad OS; Mac OS
Vendor: CVE Published:; 31 March 2025

Summary

A security issue has been identified in Apple’s macOS and iPadOS systems, where a malicious application could potentially exploit access controls to gain unauthorized access to private information. This vulnerability has been addressed with enhancements in the verification processes, ensuring improved security in the affected products. Users are encouraged to update to the latest versions available to mitigate any risk associated with this flaw.

Affected Version(s)

iPadOS < 17.7

macOS < 15.4

macOS < 14.7

References

https://support.apple.com/en-us/122372

https://support.apple.com/en-us/122373

https://support.apple.com/en-us/122374

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 17, 2025