Security expert details how a simple Microsoft tool led to the discovery of a serious macOS flaw


Update: 2025-09-04

Macworld








According to a report by Help Net Security, a security researcher found a vulnerability in macOS Sequoia while using a utility created by Microsoft. If exploited, the vulnerability could allow an attacker to bypass macOS’s System Integrity Protection (SIP) and read the memory of any process.





FFRI Security’s Koh Nakagawa made the find while using ProcDump for Mac, a utility by Microsoft that performs process crash dumps so developers can monitor CPU and memory usage. During a presentation at Nullcon Berlin, Nakagawa said he initially thought that the Mac’s SIP would prevent ProcDump from being a useful tool, but then discovered that the tool calls upon a special entitlement granted to a macOS component called gcore.





Nakagawa found that gcore dumps memory from any process, and that the memory dump includes keychain information. He was able to find the key used to encrypt the keychain and use it to decrypt the keychain without needing a user password.





The vulnerability was recorded as CVE-2025-24204 in the National Vulnerability Database. Apple addressed the exploit in the macOS Sequoia 15.3 update in January. It is customary for researchers to present their findings after the vulnerability has been fixed.





Apple releases security patches through OS updates, so installing them as soon as possible is important. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.


