Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
Published: 2026-06-11
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A malicious application can read private information on a macOS system because the operating system performs insufficient checks before allowing such access. The flaw does not permit arbitrary code execution; it merely enables an attacker to discover confidential data that the system or its applications normally protect. The CVSS score of 5.5 reflects a moderate severity, highlighting a noteworthy privacy risk but not an exploit that results in full system compromise.

Affected Systems

Apple macOS is affected, with the vulnerability present in all releases older than macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Devices running any earlier version of these macOS lines are susceptible to exploitation via a malicious app that attempts to read private data.

Risk and Exploitability

The flaw is exploitable only locally, requiring the attacker to install a malicious application on the target machine. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, which suggests fewer active exploits at present. Nevertheless, the potential for private data leakage represents a significant privacy threat, particularly on systems that have not yet applied the security updates. The moderate CVSS score indicates that while the attack does not lead to system takeover, it still poses a realistic risk of sensitive information exposure.

Generated by OpenCVE AI on June 11, 2026 at 21:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS update that contains the fix—macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5 or later.
  • Ensure that all third‑party applications are signed by trusted developers and have passed Apple’s notarization process to reduce the risk of malicious code executing on the machine.
  • Consider enabling or tightening the App Sandbox to restrict installed applications from reading private data unless explicitly permitted by the user.

Generated by OpenCVE AI on June 11, 2026 at 21:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title macOS Unauthorized Access to Private Information via Malicious App

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 11 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T19:05:43.332Z

Reserved: 2025-03-22T00:04:43.716Z

Link: CVE-2025-30431

cve-icon Vulnrichment

Updated: 2026-06-11T19:05:35.780Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-11T19:16:27.360

Modified: 2026-06-11T20:51:53.840

Link: CVE-2025-30431

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:00:08Z

Weaknesses
  • CWE-693

    Protection Mechanism Failure