Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Private Data
Action: Apply Patch
AI Analysis

Impact

A permissions issue in macOS allows an application that runs with root privileges to read private information that should be protected. The flaw is classified as a CWE‑284 missing or inappropriate authorization. If an attacker can execute code as root or otherwise obtain root privileges, they can bypass the normal access controls and gather confidential data, potentially exposing sensitive user information.

Affected Systems

Apple macOS, versions released before macOS Sequoia 15.1. The vulnerability has been fixed in Sequoia 15.1 and later releases.

Risk and Exploitability

The CVSS score of 7.5 indicates a medium-to-high severity vulnerability. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, which suggests it may not yet be actively exploited. However, because the exploit requires root‑level execution, the attack vector is limited to scenarios where the attacker already has or can elevate to root privileges. Once root access is achieved, the attacker can immediately read private data and compromise confidentiality.

Generated by OpenCVE AI on April 2, 2026 at 21:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply macOS Sequoia 15.1 or later update promptly
  • Verify that no unauthorized root‑privileged applications are installed
  • Review system logs for unexpected root activity
  • Keep the operating system updated with the latest security patches

Generated by OpenCVE AI on April 2, 2026 at 21:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/121564 cve-icon cve-icon
History

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title macOS Root Privileges Enable Private Data Access
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T19:59:30.524Z

Reserved: 2024-08-20T21:42:05.945Z

Link: CVE-2024-44219

cve-icon Vulnrichment

Updated: 2026-04-02T19:58:14.401Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T19:18:23.097

Modified: 2026-04-03T17:54:56.533

Link: CVE-2024-44219

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:16:58Z

Weaknesses