Symlink Vulnerability in macOS Sequoia Affecting Sensitive Data Access
CVE-2025-24242
4.4MEDIUM
Summary
This security issue arises from improper handling of symbolic links in macOS Sequoia. When exploited, it may allow applications with root privileges to gain unauthorized access to sensitive user data. Apple has addressed this vulnerability in version 15.4 of macOS Sequoia, enhancing the handling of symlinks to mitigate the risk. Users are encouraged to update their systems to the latest version to ensure protection against this vulnerability.
Affected Version(s)
macOS < 15.4
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved