CVE-2025-24239: 
macOS vulnerability analysis and mitigation

A downgrade issue was discovered in macOS Sequoia affecting versions prior to 15.4. The vulnerability (CVE-2025-24239) was reported by Wojciech Regula of SecuRing and disclosed on March 31, 2025. The issue exists in the AppleMobileFileIntegrity component of macOS Sequoia, where an application may be able to access protected user data (Apple Advisory).

The vulnerability stems from a downgrade issue that was addressed with additional code-signing restrictions in the AppleMobileFileIntegrity component. The issue has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability allows a malicious application to access protected user data, potentially exposing sensitive information to unauthorized actors. This represents a significant privacy and security risk for affected systems (Apple Advisory).

Apple has addressed this vulnerability in macOS Sequoia 15.4. Users are strongly advised to update their systems to this version to protect against potential exploitation. The fix implements additional code-signing restrictions to prevent unauthorized access to protected user data (Apple Advisory).