Apple has released security updates addressing vulnerabilities in its products and recommends users to update to the latest versions to mitigate risks. Affected: Apple products, macOS, App Store, user data security
Keypoints :
- Apple announced security updates for vulnerabilities in its software.
- Xcode 16.3 contains vulnerabilities allowing malicious apps to access personal information.
- macOS Sequoia 15.4 and Sonoma 14.7.5 have multiple vulnerabilities affecting user data security.
- macOS Ventura 13.7.5 has critical issues that allow apps to gain root access and manipulate sensitive data.
- A variety of CVE IDs are associated with different vulnerabilities, highlighting the extent of the security issues.
MITRE Techniques :
- Privilege Escalation (T1068) – Malicious apps can gain root privileges through vulnerabilities in various services like AccountPolicy and Crash Reporter.
- Data Exposure (T1071) – Applications can access sensitive user data through malicious means in services such as CloudKit, App Store, and System Settings.
- Denial of Service (T1499) – Certain vulnerabilities can lead to application crashes or system unresponsiveness.
- Command and Control (T1071) – Malicious content can track user activities via compromised web content in Safari and other applications.
- Abuse Elevation Control Mechanism (T1068) – Users can manipulate the system using general shortcuts to access restricted data.
Indicator of Compromise :
- [CVE] CVE-2025-24226
- [CVE] CVE-2025-30441
- [CVE] CVE-2025-24234
- [CVE] CVE-2025-24097
- [CVE] CVE-2025-24276
Full Story: https://erteam.tistory.com/533699
Views: 4