Description
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privacy Violation
Action: Immediate Patch
AI Analysis

Impact

A privacy flaw was discovered in macOS where sensitive data was not moved to a protected location as intended. An application running on the system can observe this unprotected user data, thereby achieving unauthorized data exposure. The weakness aligns with CWE‑200, Information Exposure.

Affected Systems

Apple macOS versions prior to Sequoia 15.4 are potentially affected. The fix is included in macOS Sequoia 15.4 and later releases.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.8, indicating critical severity, but its EPSS score is less than 1%, suggesting a low probability of exploitation at the present time. The flaw is not listed in the CISA KEV catalog. It is inferred that the most likely attack vector is a local application with sufficient privileges that can read user data before it is relocated to a protected area, enabling an attacker to observe or exfiltrate sensitive information.

Generated by OpenCVE AI on April 28, 2026 at 02:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply macOS Sequoia 15.4 or any later update that includes the fix.
  • Ensure all security updates are current by checking System Settings → Software Update repeatedly until the latest patch is installed.
  • Restrict or review active applications with elevated permissions, especially those that can access sensitive user data, to reduce the opportunity for malicious observation.

Advisories
Source | ID | Title
EUVD | EUVD-2025-8944 | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.

History

Tue, 28 Apr 2026 03:00:00 +0000

Type | Values Removed | Values Added
Title | | Apple macOS Sequoia Potential Data Observation Vulnerability

Mon, 03 Nov 2025 22:30:00 +0000

Type | Values Removed | Values Added
References | |

Fri, 04 Apr 2025 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple macos
CPEs | | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products | | Apple; Apple macos

Tue, 01 Apr 2025 05:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-200
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type | Values Removed | Values Added
Description | | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
References | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:27.899Z

Reserved: 2025-01-17T00:00:45.016Z

Link: CVE-2025-24263

Vulnrichment

Updated: 2025-11-03T21:11:37.643Z

NVD

Status: Analyzed

Published: 2025-03-31T23:15:23.247

Modified: 2025-11-07T16:17:12.090

Link: CVE-2025-24263

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:45:11Z

Weaknesses