According to a report by Help Net Security, a security researcher discovered a vulnerability in macOS Sequoia while using a utility created by Microsoft. When exploited, the vulnerability could allow an attacker to bypass macOS’s System Integrity Protection (SIP) and read the memory of any process.
FFRI Security’s Koh Nakagawa made the find while using ProcDump for Mac, a utility by Microsoft that performs process crash dumps so developers can monitor CPU and memory usage. During a presentation at Nullcon Berlin, Nakagawa said he initially thought that the Mac’s SIP would prevent ProcDump from being a useful tool, but then discovered that the tool calls upon a special entitlement granted to a macOS component called gcore.
Nakagawa found that gcore dumps memory from any process, and that the memory dump includes keychain information. He was able to find the key used to encrypt the keychain and use that information to decrypt the keychain without needing a user password.
The vulnerability was recorded as CVE-2025-24204 in the National Vulnerability Database. Apple addressed the exploit in the macOS Sequoia 15.3 update in January. It’s customary for researchers to present their findings after the vulnerability has been fixed.
Apple releases security patches through OS updates, so installing them as soon as possible is important. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.