CVE-2025-24245

9.8 CRITICAL

📋 TL;DR

This vulnerability allows malicious applications to bypass verification code rate limiting and access saved passwords in macOS. It affects macOS users running versions before Sequoia 15.4. The issue stems from insufficient delay between verification attempts (CWE-862: Missing Authorization).

💻 Affected Systems

Products:
  • macOS
Versions: All versions before macOS Sequoia 15.4
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires malicious application installation with appropriate permissions. Affects systems using password autofill/keychain features.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of all saved passwords including keychain items, website credentials, and system authentication data leading to full account takeover and identity theft.

🟠

Likely Case

Targeted extraction of specific saved passwords by malicious applications, potentially compromising email, banking, and other sensitive accounts.

🟢

If Mitigated

Limited password exposure if users have strong additional authentication factors enabled and minimal sensitive passwords stored.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the user to install a malicious application. The vulnerability bypasses rate limiting on verification attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.4

Vendor Advisory: https://support.apple.com/en-us/122373

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install the macOS Sequoia 15.4 update
5. Restart when prompted

🔧 Temporary Workarounds

Disable Password Autofill (all)

Temporarily disable password autofill/keychain access for applications

Application Whitelisting (all)

Restrict application installations to trusted sources only

🧯 If You Can't Patch

  • Implement application allowlisting to prevent unauthorized app installations
  • Enable full disk encryption and use separate password managers instead of built-in keychain

🔍 How to Verify

Check if Vulnerable:

Check the macOS version in System Settings > General > About. If the version is earlier than 15.4, the system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version shows 15.4 or later in System Settings > General > About.
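The version check above is easy to get wrong in a script: a plain string comparison treats "15.10" as older than "15.4". The following is an added example (not part of the advisory) that compares the output of sw_vers -productVersion field by field against the fixed version 15.4; the function names version_ge and assess_version and the constant FIXED_VERSION are this example's own.

```shell
#!/bin/sh
# Added example: decide whether an installed macOS version carries the
# CVE-2025-24245 fix (macOS Sequoia 15.4) using numeric, dot-separated
# comparison rather than string ordering.

FIXED_VERSION="15.4"   # first patched release named in the advisory

# version_ge A B: return 0 if version A is >= version B.
# Missing trailing fields count as 0, so "15" < "15.4" and "15.4.1" >= "15.4".
version_ge() {
    ver="$1"; ref="$2"
    # Reject anything that is not digits and dots before arithmetic tests.
    case "$ver$ref" in
        *[!0-9.]*) echo "version_ge: non-numeric version string" >&2; return 2 ;;
    esac
    while [ -n "$ver" ] || [ -n "$ref" ]; do
        v=${ver%%.*}; r=${ref%%.*}          # current field of each side
        case "$ver" in *.*) ver=${ver#*.} ;; *) ver="" ;; esac
        case "$ref" in *.*) ref=${ref#*.} ;; *) ref="" ;; esac
        v=${v:-0}; r=${r:-0}
        [ "$v" -gt "$r" ] && return 0
        [ "$v" -lt "$r" ] && return 1
    done
    return 0                                # all fields equal
}

# assess_version VERSION: print a verdict; return 0 if patched, 1 if vulnerable.
assess_version() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "macOS $1: at or above $FIXED_VERSION, CVE-2025-24245 fix present"
        return 0
    fi
    echo "macOS $1: below $FIXED_VERSION, vulnerable to CVE-2025-24245"
    return 1
}

# On a Mac, read the installed version with sw_vers (the command cited above);
# elsewhere the functions can be called with a version string directly.
if command -v sw_vers >/dev/null 2>&1; then
    assess_version "$(sw_vers -productVersion)"
fi
```

Run it as-is on the Mac being checked, or feed a constructed version such as `assess_version 15.3.2` to see the vulnerable verdict.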

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid verification attempts in system logs
  • Unauthorized keychain access attempts

Network Indicators:

  • Unusual outbound connections from applications accessing password data

SIEM Query (pseudo-query; adapt the source, event names and threshold to your own log pipeline):

source="macos_system_logs" AND (event="verification_attempt" OR event="keychain_access") AND count > threshold
