Impact
A permissions flaw allowed any application to bypass standard access controls and read user data that should have remained private. The weakness, classified as a permissions error, lets a malicious or compromised app read protected files or information, affecting user confidentiality but not directly integrity or availability. Apple addressed the vulnerability by removing the vulnerable code and adding additional checks, so the impact remains wherever the affected code is still present on a system.
Affected Systems
The flaw affects all macOS releases prior to macOS Sequoia 15.4, macOS Sonoma 14.7.5 and macOS Ventura 13.7.5. The issue was patched in those specific versions, so systems running earlier releases remain exposed.
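The version boundaries above can be turned into a fleet triage check. The following is an added example, not code from Apple or from this page's source; the host names and inventory are constructed, and treating major versions above 15 as patched and versions below 13 as having no fix listed here are assumptions drawn from the wording "all releases prior to".

```python
import re

# Fixed releases named on this page, keyed by macOS major version.
FIXED = {15: (15, 4, 0), 14: (14, 7, 5), 13: (13, 7, 5)}


def parse_version(text):
    """Turn '14.7.4', '15.4' or 'macOS 13.7.5' into a 3-tuple of ints."""
    m = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    # Missing minor/patch components count as 0, so '15.4' == (15, 4, 0).
    return tuple(int(g or 0) for g in m.groups())


def patch_status(version_text):
    """Classify one reported macOS version against the fixed releases."""
    version = parse_version(version_text)
    major = version[0]
    if major > max(FIXED):
        return "patched"  # assumption: later major releases carry the fix
    if major < min(FIXED):
        # Older than Ventura: prior to every fixed release, none listed here.
        return "vulnerable-no-fix-listed"
    return "patched" if version >= FIXED[major] else "vulnerable"


def triage(inventory):
    """Group host names by patch status; inventory maps host -> version."""
    report = {}
    for host, version_text in inventory.items():
        report.setdefault(patch_status(version_text), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory (hypothetical host names and reported versions).
INVENTORY = {
    "mac-build-01": "15.3.2",
    "mac-design-07": "15.4",
    "mac-finance-02": "14.7.5",
    "mac-lab-11": "13.7.4",
    "mac-kiosk-03": "12.7.6",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

On a single Mac, the string to pass to `patch_status` is the output of `sw_vers -productVersion`.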
Risk and Exploitability
The CVSS score of 7.4 indicates high severity, but the EPSS score of less than 1% implies that real-world exploitation is unlikely at present. The flaw is not listed in the CISA KEV catalog, further suggesting limited known exploitation. An attacker would need to run a third-party application on the target machine; the vulnerability is therefore exploitable via local privilege escalation or by tricking users into installing malicious software. Because the attack does not require network access, organizations that enforce strict application whitelisting or use macOS security features can reduce risk.