CVE-2025-24218
📋 TL;DR
A privacy vulnerability in macOS allowed applications to access user contact information without proper authorization. This affected macOS systems before Sequoia 15.4, potentially exposing sensitive personal data to malicious or poorly-behaved applications.
💻 Affected Systems
- macOS
📦 What is this software?
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
Malicious application harvests complete contact lists including names, phone numbers, email addresses, and other personal information, leading to privacy violations, identity theft, or targeted phishing campaigns.
Likely Case
Poorly secured or malicious applications inadvertently or intentionally access contact information, potentially violating user privacy and exposing personal data.
If Mitigated
With proper application sandboxing and security controls, only authorized applications can access contact data, minimizing exposure.
🎯 Exploit Status
Requires a malicious or compromised application to be installed and executed on the target system.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Sequoia 15.4
Vendor Advisory: https://support.apple.com/en-us/122373
Restart Required: Yes
Instructions:
1. Open System Settings 2. Click General 3. Click Software Update 4. Install macOS Sequoia 15.4 update 5. Restart when prompted
🔧 Temporary Workarounds
Application Sandboxing Enforcement
allEnsure all applications run with appropriate sandboxing and only grant contact access to trusted applications
🧯 If You Can't Patch
- Restrict installation of untrusted applications through MDM or security policies
- Regularly audit installed applications and remove unnecessary or suspicious software
🔍 How to Verify
Check if Vulnerable:
Check macOS version: if running macOS Sequoia earlier than 15.4, system is vulnerableCheck Version:
sw_versVerify Fix Applied:
Verify macOS version is 15.4 or later in System Settings > General > About📡 Detection & Monitoring
Log Indicators:
- Unusual application access to Contacts framework, unexpected contact data exports
Network Indicators:
- Unexpected outbound connections from applications that shouldn't access contact data
SIEM Query:
process_name:"Contacts" AND event_type:"access" AND user NOT IN [authorized_users]