CVE-2025-24197
Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic issue in macOS allows an app to access sensitive user data; Apple addressed it with improved checks in macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26.
CVE-2025-24197 is a logic issue in macOS that could allow an app to access sensitive user data. Apple resolved the flaw by implementing improved checks in the operating system's permission handling [1][3][4].
The vulnerability does not require user interaction beyond running a malicious app. An attacker with the ability to execute code on the system could exploit this logic flaw to bypass privacy protections [1][4].
Successful exploitation could lead to unauthorized access to sensitive user data, such as documents, contacts, or other protected information [1][3][4].
Apple has released patches in macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26. Users are advised to update to the latest version. No workarounds are available [1][3][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=14.0,<14.8
- (no CPE)range: >=15.7, >=14.8, >=26
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- support.apple.com/en-us/125111nvdRelease NotesVendor Advisory
- support.apple.com/en-us/125112nvdRelease NotesVendor Advisory
- seclists.org/fulldisclosure/2025/Sep/53nvd
- seclists.org/fulldisclosure/2025/Sep/54nvd
- seclists.org/fulldisclosure/2025/Sep/55nvd
- support.apple.com/en-us/125110nvd
News mentions
0No linked articles in our index yet.