Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an improper access control that permits an application to write to protected areas of the macOS file system that should be read‑only or otherwise restricted. This capability allows the app to alter system files or critical configuration data, which could lead to compromise of system integrity.

Affected Systems

Apple macOS is affected when running versions older than Sequoia 15.7, Sonoma 14.8, or Tahoe 26. All users of these operating systems should upgrade to the latest release to eliminate the flaw.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no documented public exploits at this time. However, the ability to modify protected system files represents a significant integrity risk. Based on the description, it is likely that the attack vector is local, where an application with appropriate permissions can modify protected areas.

Generated by OpenCVE AI on May 27, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to macOS Sequoia 15.7, Sonoma 14.8, or Tahoe 26 as available
  • Restrict the affected application’s file system permissions using System Settings → Security & Privacy → App Permissions
  • Ensure that System Integrity Protection (SIP) remains enabled to provide an additional layer of protection

Generated by OpenCVE AI on May 27, 2026 at 04:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 27 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title macOS File System Permission Issue Allowing Unauthorized Modification

Wed, 27 May 2026 03:45:00 +0000

Type Values Removed Values Added
Title macOS File System Modification Permission Flaw
Weaknesses CWE-284

Wed, 27 May 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-732
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title macOS File System Modification Permission Flaw
Weaknesses CWE-284

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-27T00:13:08.623Z

Reserved: 2025-04-16T15:24:37.102Z

Link: CVE-2025-43290

cve-icon Vulnrichment

Updated: 2026-05-27T00:13:00.807Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T22:16:40.720

Modified: 2026-06-17T09:23:40.687

Link: CVE-2025-43290

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T04:30:16Z

Weaknesses
  • CWE-732

    Incorrect Permission Assignment for Critical Resource