A critical vulnerability has been identified in multiple versions of Apple's macOS operating system. This flaw, rated with a CVSS score of 9.8, could allow a malicious application installed on a user's machine to act as a network proxy and intercept otherwise secure HTTPS traffic. Successful exploitation could lead to the complete compromise of sensitive data, such as login credentials, financial details, and private communications.

The vulnerability stems from improper access restrictions within the macOS networking framework. An attacker can exploit this by convincing a user to install a malicious application. Once installed, this application can register itself as a system-wide HTTPS proxy without requiring elevated privileges. Due to the flaw, the malicious proxy is able to intercept and decrypt encrypted traffic, effectively performing a Man-in-the-Middle (MITM) attack on the local machine and gaining access to sensitive data transmitted over HTTPS.

This vulnerability presents a critical risk to the organization, reflected by its 9.8 CVSS score. Exploitation could lead to the widespread theft of confidential data, including employee and customer credentials, proprietary intellectual property, and financial information. The consequences of such a breach include significant financial loss, severe reputational damage, and potential regulatory penalties for non-compliance with data protection standards. Any macOS device used to access corporate resources should be considered a high-value target for this attack.

Immediate Action: Update all affected macOS devices to the latest secure versions as specified by the vendor: macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7. After patching, review system and network logs for any signs of prior exploitation, such as unauthorized proxy configurations or suspicious application installations.

Proactive Monitoring: Monitor endpoints for unusual system proxy modifications and unexpected certificate warnings. Use an Endpoint Detection and Response (EDR) solution to alert on processes that attempt to alter network settings. Scrutinize network traffic for anomalies and review application installation logs to identify any unauthorized or malicious software.

Compensating Controls: If immediate patching is not feasible, implement application whitelisting or strict code signing enforcement to prevent the execution of unauthorized applications. Deploy network-level security controls to detect and block anomalous traffic patterns. Educate users on the dangers of installing software from untrusted sources.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) of this vulnerability, we recommend immediate and urgent action. All affected macOS endpoints must be patched to the vendor-recommended versions without delay. Prioritize patching for systems used by executives, developers, and employees with access to sensitive corporate data. Although this CVE is not currently on the CISA KEV list, its potential impact warrants treating it with the highest priority.