Analysis Summary

CVE-2025-24279 CVSS:9.8

This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts.

CVE-2025-24243 CVSS:7.8

Apple macOS Sonoma could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Audio component when opening a specially crafted file.

CVE-2025-24234 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain root privileges in the AccountPolicy component, caused by an error when using a specially crafted application.

CVE-2025-24263 CVSS:9.8

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.

CVE-2025-24170 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain root privileges in the CoreServices component, caused by an error when using a specially crafted application.

Impact

• Code Execution
• Privilege Escalation
• Gain Access

Indicators of Compromise

CVE

• CVE-2025-24279

• CVE-2025-24243

• CVE-2025-24234

• CVE-2025-24263

• CVE-2025-24170

Affected Vendors

Remediation

Refer to the Apple security document for patch, upgrade, or suggested workaround information.

CVE-2025-24279

CVE-2025-24243

CVE-2025-24234

CVE-2025-24263

CVE-2025-24170