Symlink Vulnerability in macOS Sequoia Affecting Sensitive Data Access
CVE-2025-24242

4.4MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 31 March 2025

Summary

This security issue arises from improper handling of symbolic links in macOS Sequoia. When exploited, it may allow applications with root privileges to gain unauthorized access to sensitive user data. Apple has addressed this vulnerability in version 15.4 of macOS Sequoia, enhancing the handling of symlinks to mitigate the risk. Users are encouraged to update their systems to the latest version to ensure protection against this vulnerability.

Affected Version(s)

macOS < 15.4

References

https://support.apple.com/en-us/122373

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 17, 2025