Login Sign Up

CVE-2025-24178

9.8 CRITICAL

📋 TL;DR

This vulnerability allows a malicious app to escape its sandbox restrictions on affected Apple operating systems, potentially gaining unauthorized access to system resources or other apps' data. It affects macOS, tvOS, iPadOS, and iOS users running outdated versions of these operating systems.

💻 Affected Systems

Products:
  • macOS
  • tvOS
  • iPadOS
  • iOS
Versions: Versions prior to macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5
Operating Systems: macOS, tvOS, iPadOS, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability requires a malicious app to be installed on the device.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary code with system privileges, access sensitive data, or install persistent malware.

🟠

Likely Case

Local privilege escalation allowing malicious apps to access other apps' data, system files, or perform unauthorized actions.

🟢

If Mitigated

Limited impact if proper app vetting processes are in place and users only install trusted applications from official sources.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed on the target device. No public exploit code has been disclosed as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5

Vendor Advisory: https://support.apple.com/en-us/122371

Restart Required: Yes

Instructions:

1. Open System Settings (macOS) or Settings (iOS/iPadOS/tvOS). 2. Navigate to General > Software Update. 3. Download and install the latest available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation Sources

all

Configure devices to only allow app installations from the App Store and identified developers

For macOS: System Settings > Privacy & Security > Allow apps downloaded from: App Store
For iOS/iPadOS: Settings > General > Device Management > App Restrictions

🧯 If You Can't Patch

  • Implement strict application allowlisting policies to prevent installation of untrusted applications
  • Isolate vulnerable devices from critical network segments and sensitive data

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the advisory

Check Version:

For macOS: sw_vers -productVersion, For iOS/iPadOS: Settings > General > About > Version, For tvOS: Settings > General > About > Version

Verify Fix Applied:

Verify the OS version matches or exceeds the patched versions: macOS Ventura 13.7.5+, tvOS 18.4+, iPadOS 17.7.6+, iOS 18.4+, macOS Sequoia 15.4+, macOS Sonoma 14.7.5+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process spawning from sandboxed applications
  • System integrity protection (SIP) violations
  • Unauthorized file access attempts from app containers

Network Indicators:

  • Unusual outbound connections from applications that shouldn't have network access

SIEM Query:

source="apple_system_logs" AND (event="sandbox_violation" OR process="*" AND parent_process IN ("App1","App2"))

📊 Metadata

CVE ID: CVE-2025-24178
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.65% exploit probability (70.4th percentile)
Published: March 31, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON