macOS, Data Exposure Vulnerability, CVE-2025-30424 (Medium)

How the CVE Works:

CVE-2025-30424 is a logging flaw in macOS (Ventura, Sequoia, Sonoma) where sensitive user contact information from the Messages app is improperly redacted in system logs. When a user deletes a conversation, the logging mechanism fails to sanitize metadata, exposing details like phone numbers or email addresses in debug/system logs. Attackers with local access or elevated privileges could extract this data, leading to privacy violations. The issue stems from insufficient input validation during log generation in the Messages subsystem.

DailyCVE Form:

Platform: macOS
Version: Ventura 13.7.5, Sequoia 15.4, Sonoma 14.7.5
Vulnerability: Data exposure
Severity: Medium
Date: 04/07/2025

What Undercode Say:

Exploitation:

1. Local Log Analysis:

grep -r "Messages" /var/log/system.log

2. Privilege Escalation: Combine with kernel exploits to access restricted logs.

Mitigation:

1. Patch Immediately:

softwareupdate --install --all

2. Log Sanitization:

sudo sed -i '' '/Messages/d' /var/log/system.log

3. Disable Debug Logs:

sudo defaults write /Library/Preferences/com.apple.Messages DebugLogging -bool false

Detection:

1. Check Exposure:

log show --predicate 'process == "Messages"' --last 24h

2. Audit Script:

import re

# Flag an e-mail-like string on a Messages line, or any run of 10 digits
with open("/var/log/system.log", "r") as f:
    if re.search(r"Messages.*@.*\.com|\d{10}", f.read()):
        print("EXPOSURE DETECTED")
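
A line-by-line take on the audit idea above, as an added example (not code from the original page or from Apple): it inspects only the message text of lines emitted by the Messages process and masks what it finds, so the audit report does not copy the identifiers again. The sample lines, the "process:" line layout and the e-mail/phone patterns are constructed assumptions.

```python
import re

# Assumed patterns (not from the advisory): e-mail addresses and phone-like digit runs.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE = re.compile(r"(?<!\w)\+?\d(?:[ -]?\d){9,14}(?!\w)")


def mask(value):
    """Keep only the last two characters so the report does not re-expose the value."""
    return "*" * (len(value) - 2) + value[-2:]


def audit(lines, process="Messages"):
    """Return (line_number, kind, masked_value) for identifiers logged by `process`."""
    marker = process + ":"  # assumed layout: "<metadata> <process>: <message>"
    findings = []
    for number, line in enumerate(lines, start=1):
        _, found, message = line.partition(marker)
        if not found:
            continue  # other processes are out of scope for this check
        for match in EMAIL.finditer(message):
            findings.append((number, "email", mask(match.group())))
        # Blank out e-mails first so digits inside an address are not reported twice.
        for match in PHONE.finditer(EMAIL.sub(" ", message)):
            findings.append((number, "phone", mask(match.group())))
    return findings


# Constructed sample lines; the real log text for this CVE is not shown on the page.
SAMPLE = [
    "2025-04-07 10:15:02.123456+0000 0x1a2b Default 0x0 512 0 Messages: deleted conversation with +1 555 010 0199",
    "2025-04-07 10:15:02.223456+0000 0x1a2b Default 0x0 512 0 Messages: deleted conversation with <private>",
    "2025-04-07 10:15:03.323456+0000 0x1a2c Default 0x0 512 0 Messages: removed chat for alice@example.com",
    "2025-04-07 10:15:04.423456+0000 0x2f00 Default 0x0 733 0 mds: indexed 1234567890 items",
]

if __name__ == "__main__":
    for number, kind, value in audit(SAMPLE):
        print(f"line {number}: unredacted {kind} {value}")
```

Feeding it the output of the `log show` command from step 1 instead of SAMPLE checks a real machine; the last sample line shows why scoping to the Messages process avoids the false positives a bare 10-digit match would raise.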

Hardening:

1. Restrict Log Access:

chmod 640 /var/log/system.log

2. Enable SIP:

csrutil enable

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-30424
Extra Source Hub:
Undercode
