CVE-2025-24204

Name of the Vulnerable Software and Affected Versions macOS versions 15.0 through 15.2 macOS version 15.3 macOS versions prior to 15.4

Description The issue involves a lack of protection for sensitive data within the macOS operating system. Exploitation could allow a remote attacker to disclose protected information. The root cause stems from the /usr/bin/gcore utility being mistakenly granted a task-port read entitlement in macOS 15.0, enabling memory dumps of any process, even with System Integrity Protection (SIP) enabled. This could expose Keychain data, bypass Transparency, Consent, and Control (TCC), and decrypt iOS app binaries. The issue was addressed by improving checks and removing the entitlement in macOS 15.3. The vulnerability allows reading process memory despite SIP being enabled.

Recommendations macOS versions 15.0 through 15.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability. macOS version 15.3: Update to macOS Sequoia 15.4. macOS versions prior to 15.4: Update to macOS Sequoia 15.4.