Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information.
Published: 2025-11-04
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability is a permissions issue that allowed an application with root privileges to read data that should otherwise be restricted. Additional restrictions were added to prevent this access, and the weakness is identified as CWE-863 (Incorrect Authorization), a failure to correctly enforce permission checks.

Affected Systems

Apple macOS versions prior to the fix are affected. The issue is resolved in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1. Systems running any earlier release of these operating systems may be vulnerable.

Risk and Exploitability

The CVSS score is 4.4, indicating medium severity, and the EPSS score is below 1%, meaning the likelihood of exploitation is very small. The vulnerability is not listed in CISA KEV. Based on the description, it is inferred that an attacker would need an existing foothold that provides root privileges to exploit this flaw, which typically results from a prior compromise. Because the flaw only discloses information to a process that already holds root privileges, the overall risk remains limited.

Generated by OpenCVE AI on April 28, 2026 at 10:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to at least Sequoia 15.7.2, Sonoma 14.8.2 or Tahoe 26.1, which include the vendor‑supplied fix.
  • Restrict non‑essential applications from running with root privileges to reduce the attack surface.
  • Monitor system logs for unexpected use of root privileges to detect any misuse.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 10:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Root Privilege App May Access Private Information Due to Permissions Issue

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app with root privileges may be able to access private information.
Values Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app with root privileges may be able to access private information.
Values Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app with root privileges may be able to access private information.

Type: References

Wed, 05 Nov 2025 14:45:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 04 Nov 2025 19:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-863

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 16:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple macos; Apple macos Sequoia; Apple macos Sonoma

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple macos; Apple macos Sequoia; Apple macos Sonoma

Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app with root privileges may be able to access private information.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:15:20.081Z

Reserved: 2025-04-16T15:24:37.109Z

Link: CVE-2025-43336

Vulnrichment

Updated: 2025-11-04T19:09:47.698Z

NVD

Status: Modified

Published: 2025-11-04T02:15:40.433

Modified: 2026-04-02T19:20:29.413

Link: CVE-2025-43336

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T10:30:29Z

Weaknesses