Input Validation Flaw in macOS Products by Apple
CVE-2025-24274

7.8HIGH

Key Information:

Vendor

Apple

Status
Vendor
CVE Published:
12 May 2025

What is CVE-2025-24274?

An input validation vulnerability has been identified in Apple's macOS products, where a malicious application could exploit this issue to potentially gain root privileges. Apple has addressed this concern by removing the vulnerable code in recent updates, including macOS Ventura 13.7.6, macOS Sequoia 15.5, and macOS Sonoma 14.7.6. Ensuring that your systems are updated is crucial to maintaining security against such exploits.

Affected Version(s)

macOS < 15.5

macOS < 14.7

macOS < 13.7

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-24274 : Input Validation Flaw in macOS Products by Apple