Multiple Google Chrome Vulnerabilities
April 3, 2025
Severity
High
Analysis Summary
CVE-2025-24278 CVSS:9.8
This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
CVE-2025-30446 CVSS:9.8
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app with root privileges may be able to modify the contents of system files.
CVE-2025-24239 CVSS:9.8
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
CVE-2025-24238 CVSS:9.8
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.
Impact
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
- CVE-2025-24278
- CVE-2025-30446
- CVE-2025-24239
- CVE-2025-24238
Affected Vendors
- Apple
Affected Products
- Apple macOS - unspecified
- Apple tvOS - unspecified
- Apple iOS and iPadOS - unspecified
Remediation
Upgrade to the latest version, available from the Apple security document.