Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
Published: 2026-05-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic issue in macOS was exploited by a malicious application to gain root privileges. The flaw is duplicated across macOS Sequoia, Sonoma, and Tahoe platforms, and has been mitigated with improved checks. An attacker running an application that is tricked or designed to trigger the flaw can execute arbitrary system commands at the highest privilege level, enabling complete control over the affected machine.

Affected Systems

Apple macOS users running a version earlier than macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26 are at risk. The affected operating systems span the Sequoia, Sonoma, and Tahoe releases, with the vulnerability addressed in the specified update releases.

Risk and Exploitability

The EPSS score is not available, but the vulnerability leads directly to local privilege escalation, giving attackers complete system access. The vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation at the time of analysis. The likely attack vector is the installation or execution of a malicious app that convinces macOS to apply the faulty logic, after which the attacker can elevate privileges. The absence of a publicly available exploit does not diminish the inherent risk of local privilege escalation once exploitation is achieved.

Generated by OpenCVE AI on May 27, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to the latest supported release (macOS Sequoia 15.7 or later, macOS Sonoma 14.8 or later, or macOS Tahoe 26 or later).
  • Configure Gatekeeper to allow only apps from the App Store or identified developers and disable the option to allow apps from anywhere.
  • Ensure System Integrity Protection (SIP) is enabled to guard against privilege escalation or remove any installed applications that might exploit the logic flaw.

Generated by OpenCVE AI on May 27, 2026 at 04:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 27 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title macOS Logic Issue Allows Malicious App to Gain root Privileges

Wed, 27 May 2026 03:15:00 +0000

Type Values Removed Values Added
Title Root Privilege Escalation via Logic Bug in macOS
Weaknesses CWE-284
CWE-285

Wed, 27 May 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Root Privilege Escalation via Logic Bug in macOS
Weaknesses CWE-284
CWE-285

Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-28T03:55:22.438Z

Reserved: 2025-04-16T15:24:37.105Z

Link: CVE-2025-43306

cve-icon Vulnrichment

Updated: 2026-05-27T00:12:04.345Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T22:16:40.823

Modified: 2026-05-27T20:02:49.877

Link: CVE-2025-43306

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T04:30:16Z

Weaknesses
  • CWE-269

    Improper Privilege Management