CVE-2025-24218: 
macOS vulnerability analysis and mitigation

A privacy issue was discovered in macOS Sequoia affecting the Summarization Services component. The vulnerability (CVE-2025-24218) was disclosed on March 31, 2025, and fixed in macOS Sequoia 15.4. The issue allows an app to potentially access information about a user's contacts due to improper private data redaction in log entries (Apple Support).

The vulnerability stems from insufficient data redaction mechanisms in the logging functionality of macOS Sequoia's Summarization Services. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required with low attack complexity and no privileges needed, but user interaction is required (NVD).

The vulnerability could allow a malicious application to access sensitive information about a user's contacts through log entries that weren't properly redacted. This presents a significant privacy concern as it could expose personal contact information without user authorization (Apple Support).

Apple has addressed this vulnerability by improving private data redaction for log entries in macOS Sequoia 15.4. Users are advised to update their systems to this version to protect against potential exploitation (Apple Support).

The vulnerability was discovered and reported by security researchers Kirin, FlowerCode, and Bohdan Stasiuk (@bohdan_stasiuk), demonstrating continued security research interest in Apple's privacy features (Apple Support).