Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Data compromise via privilege escalation
Action: Apply patch
AI Analysis

Impact

A permissions issue allows an application running with root privileges to read private information that should otherwise be restricted. The weakness is a classic Improper Access Control flaw, categorized as CWE‑284. With the correct privileges, an attacker could obtain confidential user data, undermining privacy and possibly enabling further malicious actions.

Affected Systems

The vulnerability affects all macOS installations prior to the release of macOS Sequoia 15.1, which addressed the issue with additional restrictions. Users on any earlier macOS version that have not applied the 15.1 update are potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity problem. Exploitability is considered low, with an EPSS score of less than 1 percent, and the vulnerability is currently not listed in CISA’s KEV catalog. Attackers would need to execute or install malicious code with root privileges on the target machine; no remote exploitation vector is disclosed. The overall risk is moderate, driven primarily by the need for privileged access to exploit the flaw.

Generated by OpenCVE AI on April 3, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.1 or later to apply the security fix
  • Verify that the operating system is current by checking System Settings → Software Update
  • Apply any additional vendor‑supplied patches or updates that address privilege‑escalation or access‑control weaknesses

Generated by OpenCVE AI on April 3, 2026 at 21:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/121564 cve-icon cve-icon
History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title macOS Root Privileges Enable Private Data Access

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title macOS Root Privileges Enable Private Data Access
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T19:59:30.524Z

Reserved: 2024-08-20T21:42:05.945Z

Link: CVE-2024-44219

cve-icon Vulnrichment

Updated: 2026-04-02T19:58:14.401Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T19:18:23.097

Modified: 2026-04-03T17:54:56.533

Link: CVE-2024-44219

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:55:39Z

Weaknesses