Description
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Sensitive Data Access
Action: Apply Patch
AI Analysis

Impact

The flaw allows an application to read user-sensitive data that it should be restricted from accessing. Adding additional logic intended to mitigate an earlier issue inadvertently left a weakness that permits malicious or poorly designed apps to bypass normal permission checks. This is a classic access-control failure classified as CWE-284, compromising the confidentiality and integrity of private information such as files, contacts, or system settings.

Affected Systems

Apple macOS is affected. The vulnerability exists in releases prior to macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1. Updating to these or later versions resolves the issue. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is below 1%, showing that the likelihood of exploitation is very low at the time of analysis. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local, requiring a malicious or misbehaving application to run on the user's machine and exploit the weakened permission model. No public exploits are known, so while the risk is low, applying the patch is advised.

Generated by OpenCVE AI on April 27, 2026 at 23:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.1 and any subsequent security updates
  • Review and tighten Privacy & Security permissions so that only trusted applications have access to sensitive data
  • Use system monitoring tools or review logs to detect unexpected data access by applications

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: macOS Access Control Bypass Allows Apps to Read Sensitive User Data

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data.
Values Added: The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
Values Added: The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data.

Type: References

Wed, 05 Nov 2025 14:45:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 04 Nov 2025 18:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-284

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 16:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple macos; Apple macos Sequoia; Apple macos Sonoma

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple macos; Apple macos Sequoia; Apple macos Sonoma

Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:18.336Z

Reserved: 2025-04-16T15:24:37.109Z

Link: CVE-2025-43335

Vulnrichment

Updated: 2025-11-04T18:07:48.929Z

NVD

Status: Modified

Published: 2025-11-04T02:15:40.320

Modified: 2026-04-02T19:20:29.260

Link: CVE-2025-43335

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:15:06Z
