Rewterz

Multiple Google Chrome Vulnerabilities

April 3, 2025
Rewterz

Cisco Alerts, CSLU Backdoor Admin Account Exploited in Attacks

April 3, 2025

Multiple Apple Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-24278 CVSS:9.8

Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.

CVE-2025-30446 CVSS:9.8

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app with root privileges may be able to modify the contents of system files.

CVE-2025-24239 CVSS:9.8

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

CVE-2025-24238 CVSS:9.8

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.

Impact

  • Privilege Escalation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-24278

  • CVE-2025-30446

  • CVE-2025-24239

  • CVE-2025-24238

Affected Vendors

  • Apple

Affected Products

  • Apple macOS - unspecified
  • Apple tvOS - unspecified
  • Apple iOS and iPadOS - unspecified

Remediation

Upgrade to the latest version, available from the Apple security document.

Apple security document

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.