AI description
CVE-2025-24204 is a vulnerability in macOS Sequoia 15.0 where the `/usr/bin/gcore` utility was mistakenly granted the `com.apple.system-task-ports.read` entitlement. This allowed the utility to read the memory of any process on the system, even with System Integrity Protection (SIP) enabled. Apple addressed this issue with improved checks in macOS Sequoia 15.4. The vulnerability allowed access to protected user data. A researcher discovered that this broke a key security boundary and exposed sensitive user data, including the contents of the Keychain, data protected by Transparency, Consent, and Control (TCC), and even encrypted iOS app binaries. By dumping memory of apps, the contents of protected files could be recovered.
- Description: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
- Source: product-security@apple.com
- NVD status: Analyzed
- Products: macos
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-200
- Hype score: Not currently trending
#macOS CVE-2025-24204 let #gcore read process memory despite SIP, exposing the login #keychain. Attackers could dump securityd to extract the Master Key and decrypt keychain contents without a password. Fixed in macOS 15.3. https://t.co/KxiQTmSxqN
@MeridianEU
5 Sept 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
plan to finish this project soon, still under development Support macOS 15.0-15.2, arm Mac. Based on CVE-2025-24204 https://t.co/GTDFPtVtbo
@Little_34306
5 Sept 2025
5642 Impressions
12 Retweets
99 Likes
32 Bookmarks
1 Reply
0 Quotes
CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue stems from Apple mistakenly granting the /usr/bin/gcore utility the https://t.co/PeQ2P2OD9v entitlement in macOS 15.0 (Sequoia). Apple removed
@minacrissDev_
5 Sept 2025
312 Impressions
1 Retweet
6 Likes
3 Bookmarks
0 Replies
0 Quotes
Research by one of our engineers has been accepted to Nullcon 2025 #NullconBerlin2025, which will be held in India on 9/4 ~ 9/5! It will cover CVE-2025-24204, a simple yet serious vulnerability that bypasses #macOS security mechanisms. h
@FFRI_Research
25 Aug 2025
472 Impressions
1 Retweet
10 Likes
1 Bookmark
0 Replies
0 Quotes
My submission for #NullconBerlin2025 has been accepted! I will talk about the details of CVE-2025-24204, which breaks process isolation on macOS. https://t.co/5WoVFak2x8
@tsunek0h
2 Jul 2025
2088 Impressions
4 Retweets
45 Likes
7 Bookmarks
1 Reply
0 Quotes
Information on vulnerabilities discovered and reported by our engineers has been published. macOS security mechanism bypass (CVE-2025-24204, CVE-2025-24242) https://t.co/9jDpAruKEU Dell Client Platform BIOS stack buffer overflow (CVE-2025-29988) https://t.co/3GqQdrvsXD https://t.co/g79RTTwEkn
@FFRI_Research
11 Apr 2025
396 Impressions
2 Retweets
10 Likes
1 Bookmark
0 Replies
0 Quotes
Haven’t been able to do vulnerability research for a while, but finally back at it. 2 CVEs and 1 additional recognition. CVE-2025-24204 is simple yet powerful. I'm planning to talk about it somewhere soon (hopefully). https://t.co/JU6z8PnoqI
@tsunek0h
1 Apr 2025
1031 Impressions
2 Retweets
23 Likes
3 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621",
            "versionEndExcluding": "15.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]