CVE-2025-24097
📋 TL;DR
A permissions vulnerability in Apple operating systems allows applications to read arbitrary file metadata without proper authorization. This affects macOS, iOS, iPadOS, and tvOS users running vulnerable versions. The issue could expose sensitive file information to malicious applications.
💻 Affected Systems
- macOS
- iOS
- iPadOS
- tvOS
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Tvos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Malicious app could access metadata of sensitive files (e.g., location data, creation dates, file types) that could be used for reconnaissance or combined with other vulnerabilities for more severe attacks.
Likely Case
Malicious app collects file metadata for profiling user behavior or identifying valuable targets, potentially leading to privacy violations.
If Mitigated
With proper app sandboxing and user permission controls, impact is limited to metadata of files the app already has legitimate access to.
🎯 Exploit Status
Exploitation requires user to install a malicious application. No public exploit code has been disclosed as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4
Vendor Advisory: https://support.apple.com/en-us/122371
Restart Required: Yes
Instructions:
1. Open System Settings > General > Software Update. 2. Install available updates. 3. Restart device when prompted.
🔧 Temporary Workarounds
Restrict App Installation
allOnly install apps from trusted sources like the App Store
🧯 If You Can't Patch
- Implement application allowlisting to prevent unauthorized app execution
- Use mobile device management (MDM) to enforce security policies and restrict app installations
🔍 How to Verify
Check if Vulnerable:
Check current OS version in System Settings > General > AboutCheck Version:
sw_vers (macOS) or Settings > General > About (iOS/iPadOS)Verify Fix Applied:
Verify OS version matches or exceeds patched versions: macOS Sonoma 14.7.5+, iOS 18.4+, iPadOS 18.4+, tvOS 18.4+, macOS Sequoia 15.4+📡 Detection & Monitoring
Log Indicators:
- Unusual file metadata access patterns in system logs
- App sandbox violation logs
Network Indicators:
- Unexpected outbound connections from apps accessing local files
SIEM Query:
source="apple_system_logs" AND (event="sandbox_violation" OR event="file_metadata_access")🔗 References
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122377
- http://seclists.org/fulldisclosure/2025/Apr/11
- http://seclists.org/fulldisclosure/2025/Apr/13
- http://seclists.org/fulldisclosure/2025/Apr/4
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/9
- http://seclists.org/fulldisclosure/2025/May/6
