CVE-2025-24280: 
macOS vulnerability analysis and mitigation

An access issue was discovered in macOS that could allow an app to access user-sensitive data. The vulnerability (CVE-2025-24280) affects macOS Sequoia versions up to 15.4 and macOS Sonoma versions up to 14.7.5. The issue was discovered by security researcher Kirin (@Pwnrin) and was disclosed on March 31, 2025 (Apple Advisory, Apple Advisory).

The vulnerability stems from an access control issue within the Shortcuts component of macOS. The issue was related to insufficient sandbox restrictions that could allow unauthorized access to sensitive user data. Apple addressed this by implementing additional sandbox restrictions. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

If exploited, this vulnerability could allow a malicious application to access user-sensitive data, potentially compromising user privacy and exposing confidential information (Apple Advisory).

Apple has released security updates to address this vulnerability in macOS Sequoia 15.4 and macOS Sonoma 14.7.5. Users are advised to update their systems to these versions or later to protect against potential exploitation (Apple Advisory, Apple Advisory).