CVE-2025-24174
Published: 27 January 2025
Summary
CVE-2025-24174 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple Macos. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique TCC Manipulation (T1548.006); ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access, directly preventing apps from bypassing macOS Privacy preferences.
Requires timely identification, reporting, and correction of flaws like CVE-2025-24174 through patching macOS updates.
Enforces least privilege for apps, limiting the scope of access even if privacy preference bypass occurs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability directly enables bypassing and modifying macOS Privacy preferences (TCC controls), facilitating unauthorized access to restricted resources as described in T1548.006 TCC Manipulation.
NVD Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to bypass Privacy preferences.
Deeper analysisAI
CVE-2025-24174 is a vulnerability in macOS that allows an app to bypass Privacy preferences. The issue was addressed through improved checks and is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3, indicating that earlier versions of these macOS releases are affected. It has a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), though NVD-CWE-noinfo is also listed.
A local attacker can exploit this vulnerability with low complexity, requiring no privileges or user interaction. Successful exploitation enables high-impact confidentiality and integrity violations, such as an app accessing or modifying protected privacy settings and potentially sensitive user data that would otherwise be restricted.
Apple's security advisories detail the patches in the specified macOS updates, recommending users apply them promptly to mitigate the bypass of Privacy preferences. Additional details are available in the referenced support pages (https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, https://support.apple.com/en-us/122070) and Full Disclosure mailing list posts (http://seclists.org/fulldisclosure/2025/Jan/15, http://seclists.org/fulldisclosure/2025/Jan/16).
Details
- CWE(s)