CVE-2025-24284PATCHED

apple · macos

CVE-2025-24284: This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4

Description

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.

Affected Products

Vendor	Product	Versions
apple	macos	0, 15.3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cert_advisory	90%
su	suse linux	cert_advisory	90%

References

https://support.apple.com/en-us/122373

Related News (2 articles)

Tier B

BSI Advisories17d ago

[UPDATE] [hoch] Apple macOS: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB18d ago

CVE-2025-24284 | Apple macOS up to 15.3 App improper authorization

→ No new info (linked only)

CVSS 3.18.8 CRITICAL

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

15.4

PublishedJun 11, 2026

Last enriched18d agov2

Trending Score7

Source articles2

Independent2

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-28898EXP

CVE-2026-28898: swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing t

Trending: 32

CRITICALCVE-2026-49269

CVE-2026-49269: Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal at

Trending: 26

PRE-CVE

Multiple vulnerabilities in Apple iOS, iPadOS, and macOS Tahoe

Trending: 20

HIGHCVE-2025-31272

CVE-2025-31272: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass la

Trending: 6

CRITICALCVE-2025-46293

CVE-2025-46293: This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be ab

Trending: 6

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 11, 2026

Discovered by ZDM

Jun 11, 2026

Patch Available

Jun 11, 2026

Updated: affectedVersions, severity

Jun 11, 2026

Version History

Last enriched 18d ago

v2Tier C18d ago

Updated affected versions to include 15.3, changed severity to CRITICAL, and corrected exploit availability to false.

affectedVersionsseverity

via VulDB

v118d ago

Initial creation