Description
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
Published: 2026-06-11
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A privacy issue was addressed by removing the vulnerable code in macOS. The flaw could allow an application to access sensitive user data, potentially exposing confidential information to unauthorized parties.

Affected Systems

Apple macOS is affected, with the problem removed in macOS Sequoia 15.4. Systems running any earlier version of macOS are at risk as the vulnerable code has not been patched.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating that no widespread exploitation has been observed. The attack vector is not explicitly stated, but it is inferred that any installed application that can read user data may abuse the weakness, leading to confidentiality exposure.

Generated by OpenCVE AI on June 11, 2026 at 22:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to Sequoia 15.4 or later to eliminate the vulnerable code.
  • Review and revoke any application permissions that grant read access to sensitive personal data.
  • If an update is delayed, enforce stricter sandboxing or least‑privilege controls on applications that may be affected.

Generated by OpenCVE AI on June 11, 2026 at 22:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/122373 cve-icon cve-icon
History

Thu, 11 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title macOS Privacy Issue Allowing App Access to Sensitive User Data

Thu, 11 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title macOS Privacy Issue Allowing App Access to Sensitive User Data
Weaknesses CWE-200

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 11 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T19:40:09.611Z

Reserved: 2025-03-22T00:04:43.720Z

Link: CVE-2025-30459

cve-icon Vulnrichment

Updated: 2026-06-11T19:39:33.146Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-11T19:16:27.463

Modified: 2026-06-11T20:51:53.840

Link: CVE-2025-30459

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:45:05Z

Weaknesses
  • CWE-359

    Exposure of Private Personal Information to an Unauthorized Actor