Description
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access user-sensitive data.
Published: 2025-01-27
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Sensitive Data
Action: Apply Patches
AI Analysis

Impact

A race condition was discovered in macOS that allows a malicious application to read user‑sensitive data before proper validation occurs. The flaw is identified as CWE‑362 and can lead to unintended data leakage, compromising confidentiality but not integrity or availability. The vulnerability requires local code execution and exploits a timing gap between concurrent processes that access protected information.

Affected Systems

Apple macOS is affected, and the vulnerability exists in all releases prior to the following security updates: Sequoia 15.3, Sonoma 14.7.3, and Ventura 13.7.3. Systems running older versions are at risk.

Risk and Exploitability

The CVSS score of 4 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The flaw is not listed in the CISA KEV catalog, which lowers its remediation priority. The likely attack vector is local: a process must run with user or higher privileges to trigger the race condition and gain access to sensitive data.

Generated by OpenCVE AI on April 28, 2026 at 04:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.3, Sonoma 14.7.3, Ventura 13.7.3, or a newer release that includes the race‑condition fix.
  • Evaluate third‑party applications that run with elevated privileges and remove or restrict any that are not strictly necessary for business operations.
  • After updating, enforce App Sandbox restrictions for sensitive files and verify that operating system permissions are appropriately configured to limit unexpected data access.



Advisories
Source: EUVD
ID: EUVD-2025-3612
Title: A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access user-sensitive data.
History

Tue, 28 Apr 2026 04:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: Race Condition in macOS Enabling Unauthorized Access to User Sensitive Data

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access user-sensitive data.
Values Added: A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access user-sensitive data.

Mon, 03 Nov 2025 21:30:00 +0000


Tue, 04 Feb 2025 21:15:00 +0000

Type: Metrics
Values Removed:
  cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}
Values Added:
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
  cvssV3_1: {'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Thu, 30 Jan 2025 18:45:00 +0000

Values Removed: (none)
Values Added:
  First Time appeared: Apple; Apple macos
  Weaknesses: CWE-362
  CPEs: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  Vendors & Products: Apple; Apple macos
  Metrics: cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Mon, 27 Jan 2025 22:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access user-sensitive data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:48.495Z

Reserved: 2025-01-17T00:00:44.967Z

Link: CVE-2025-24094

Vulnrichment

Updated: 2025-11-03T21:00:53.035Z

NVD

Status: Modified

Published: 2025-01-27T22:15:15.450

Modified: 2026-04-02T19:18:58.450

Link: CVE-2025-24094

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:15:16Z

Weaknesses