Severity
High
Analysis Summary
CVE-2025-24279 CVSS:9.8
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts.
CVE-2025-24243 CVSS:7.8
Apple macOS Sonoma could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Audio component when opening a specially crafted file.
CVE-2025-24234 CVSS:7.8
Apple macOS Sonoma could allow a local attacker to gain root privileges in the AccountPolicy component, caused by an error when using a specially crafted application.
CVE-2025-24263 CVSS:9.8
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
CVE-2025-24170 CVSS:7.8
Apple macOS Sonoma could allow a local attacker to gain root privileges in the CoreServices component, caused by an error when using a specially crafted application.
Impact
- Code Execution
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-24279
CVE-2025-24243
CVE-2025-24234
CVE-2025-24263
CVE-2025-24170
Affected Vendors
- Apple
Affected Products
- Apple macOS - unspecified
- Apple macOS Sonoma - 14.7.4
Remediation
Refer to the Apple security document for patch, upgrade, or suggested workaround information.