Apple macOS up to 13.6/14.6/15.2 authorization

Summaryinfo

A vulnerability marked as problematic has been reported in Apple macOS up to 13.6/14.6/15.2. Affected by this vulnerability is an unknown functionality. This manipulation causes an unknown weakness. This vulnerability is handled as CVE-2025-24099. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Apple macOS up to 13.6/14.6/15.2 and classified as problematic. The CWE definition for the vulnerability is CWE-863. The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. The impact remains unknown. The summary by CVE is:

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.

It is possible to read the advisory at support.apple.com. This vulnerability is known as CVE-2025-24099 since 01/17/2025. The exploitation appears to be easy. Attacking locally is a requirement. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 13.7, 14.7 or 15.3 eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 13.0
• 13.1
• 13.2
• 13.3
• 13.4
• 13.5
• 13.6
• 14.0
• 14.1
• 14.2
• 14.3
• 14.4
• 14.5
• 14.6
• 15.0
• 15.1
• 15.2

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion