CVE-2025-24146

9.8 CRITICAL

📋 TL;DR

A vulnerability in the macOS Messages app: deleting a conversation may expose user contact information in system logs. It affects users on vulnerable macOS versions who delete Messages conversations. The exposed data could be read by local users or by attackers with system access.

💻 Affected Systems

Products:
  • macOS Messages app
Versions: Versions prior to macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects standard macOS installations with Messages app enabled. No special configuration required.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers with local system access could extract contact information from system logs, potentially enabling social engineering, phishing, or identity theft attacks.

🟠 Likely Case

Local users or malware with system access could harvest contact information from logs, compromising user privacy and potentially enabling targeted attacks.

🟢 If Mitigated

With proper access controls and log monitoring, exposure is limited to authorized system administrators only.

🌐 Internet-Facing: LOW - This is a local information disclosure vulnerability requiring system access.
🏢 Internal Only: MEDIUM - Internal users with system access could exploit this to gather sensitive contact information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local system access to read system logs. No authentication bypass needed once local access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3

Vendor Advisory: https://support.apple.com/en-us/122068

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update.
2. Install available macOS updates.
3. Restart system when prompted.

🔧 Temporary Workarounds

Disable Messages app (macOS)

Temporarily disable the Messages application to prevent exposure of contact information.

sudo launchctl unload -w /System/Library/LaunchAgents/com.apple.imagent.plist

Restrict log access (macOS)

Implement strict permissions on system log files to prevent unauthorized access.

sudo chmod 640 /var/log/system.log
sudo chown root:admin /var/log/system.log

🧯 If You Can't Patch

  • Implement strict access controls on system logs to limit who can read them
  • Monitor system log access and implement alerting for unauthorized log file access

🔍 How to Verify

Check if Vulnerable:

Check the macOS version: a system running Ventura earlier than 13.7.3, Sequoia earlier than 15.3, or Sonoma earlier than 14.7.3 is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify that the macOS version is Ventura 13.7.3, Sequoia 15.3, or Sonoma 14.7.3, or a later release.
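
The version check above can be scripted for fleet audits. The following is an added example, not part of the vendor advisory: it compares a ProductVersion string (as printed by sw_vers -productVersion) with the fixed release for its major version. The function names are hypothetical, and the handling of major versions outside 13 to 15 is an assumption noted in the comments.

```sh
#!/bin/sh
# Added example: classify a macOS ProductVersion string against the fixed
# releases named on this page (13.7.3, 14.7.3, 15.3).
# Function names are hypothetical, chosen for this example.

# ver_num VERSION: print "major.minor.patch" as one comparable integer.
ver_num() {
    IFS=. read -r maj min pat <<EOF
$1
EOF
    pat=${pat%%.*}    # ignore any fourth component
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# cve_2025_24146_status VERSION: print vulnerable, patched, unlisted or unknown.
cve_2025_24146_status() {
    case $1 in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;   # not a dotted number
    esac
    major=${1%%.*}
    case $major in
        13) fixed=13.7.3 ;;    # Ventura
        14) fixed=14.7.3 ;;    # Sonoma
        15) fixed=15.3 ;;      # Sequoia
        *)
            # Assumption: a major above 15 is later than every fixed release;
            # a major below 13 has no fixed release listed on this page.
            if [ "$major" -gt 15 ]; then echo patched; else echo unlisted; fi
            return 0 ;;
    esac
    if [ "$(ver_num "$1")" -lt "$(ver_num "$fixed")" ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# On a Mac, classify the running system; elsewhere this step is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(cve_2025_24146_status "$v")"
fi
```

A result of unlisted means the page names no fixed release for that major version, so the host needs a manual check against the vendor advisory.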

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to system.log or asl files
  • Patterns of log file access by non-admin users

Network Indicators:

  • None - this is a local information disclosure vulnerability

SIEM Query:

source="macos_system_logs" AND (event="file_access" AND target_file="*system.log*") AND user!="admin"
