macOS, Password Storage Vulnerability, CVE-2025-24245 (Critical)

By /

How the CVE Works:

CVE-2025-24245 is a critical flaw in macOS Sequoia versions prior to 15.4, allowing malicious apps to bypass security delays between password verification attempts. Attackers exploit weak timing controls in the keychain access mechanism, enabling brute-force attacks on stored credentials. The vulnerability stems from improper handling of cryptographic verification delays, letting unauthorized apps extract passwords without rate-limiting. Successful exploitation grants full access to saved credentials, including iCloud keys and application passwords. Apple patched this by enforcing strict delay policies between failed attempts.

DailyCVE Form:

Platform: macOS
Version: <15.4
Vulnerability: Password bypass
Severity: Critical
Date: 04/04/2025

What Undercode Say:

Analytics:

  • Attack vector: Local (malicious app)
  • Exploitability: High (low-code brute-forcing)
  • Patch gap: 7 days from disclosure to fix

Exploit Commands:

Bruteforce keychain access (PoC)
while ! ./keychain_dumper -a; do sleep 0.1; done

// Malicious app snippet (Swift)
let query: [bash] = [
kSecClass as String: kSecClassGenericPassword,
kSecReturnData as String: true
]
var item: CFTypeRef?
SecItemCopyMatching(query as CFDictionary, &item)

Protection Commands:

Verify macOS version
sw_vers -productVersion
Manual patch (if update delayed)
sudo defaults write /Library/Preferences/com.apple.security.plist BruteforceDelay -int 5

Detection Code (Python):

import subprocess
version = subprocess.check_output([bash]).decode().strip()
if version < "15.4":
print("[bash] Vulnerable to CVE-2025-24245")

Mitigation Steps:

1. Update to macOS 15.4+ via System Preferences.

  1. Revoke app permissions in Security & Privacy > Accessibility.

3. Audit third-party apps using `codesign -dv /Applications/AppName.app`.

Apple’s Patch Notes:

  • Enforced 5-second delay between password attempts.
  • Added process isolation for keychain services.
  • Logs repeated access attempts to /var/log/system.log.

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-24245
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top