PatchSiren cyber security CVE debrief
CVE-2025-24284 Apple CVE debrief
CVE-2025-24284 is a HIGH severity vulnerability in Apple macOS, with a CVSS score of 8.8. The issue was addressed with improved checks to prevent unauthorized actions and is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox due to this vulnerability.
- Vendor: Apple
- Product: macOS
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of Apple macOS, particularly those who install apps from outside the App Store, should be aware of this vulnerability and ensure they are running macOS Sequoia 15.4 or later.
Technical summary
The vulnerability, tracked as CVE-2025-24284, allows an app to break out of its sandbox. This issue was addressed with improved checks to prevent unauthorized actions and is fixed in macOS Sequoia 15.4.
Defensive priority
HIGH
Recommended defensive actions
- Update to macOS Sequoia 15.4 or later.
- Only install apps from trusted sources, such as the App Store.
- Be cautious when granting permissions to apps.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].
Official resources
- CVE-2025-24284 CVE record: CVE.org
- CVE-2025-24284 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory, Release Notes
CVE-2025-24284 was published on 2026-06-11T19:16:27.253Z and modified on 2026-06-12T12:38:25.207Z.