Description
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.
Published: 2026-06-11
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An access issue within macOS's sandbox environment allowed a malicious application to read sensitive user data. The flaw bypasses additional sandbox restrictions and can lead to confidentiality violations if exploited, as the application may read protected files or information it should not access.

Affected Systems

The vulnerability affects Apple macOS systems prior to the release of macOS Tahoe 26.1. Earlier macOS versions lack the sandbox enhancements that fix this issue, so any system running those versions is potentially impacted.

Risk and Exploitability

The CVSS score is 5.5 and EPSS information is unavailable, but the vulnerability permits a malicious app to retrieve confidential data, which represents a high confidentiality risk. The attack vector is inferred to be a locally executed or installed application able to exploit the sandbox bypass. With no KEV listing, the likelihood of public exploitation remains uncertain, yet the potential impact warrants prompt action.

Generated by OpenCVE AI on June 11, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS Tahoe 26.1 update or later to enforce the additional sandbox restrictions
  • Ensure that applications are downloaded only from trusted sources and verify that they do not request unnecessary access to user data
  • Review and limit application sandbox permissions where possible to reduce the attack surface even before a patch is applied

Generated by OpenCVE AI on June 11, 2026 at 23:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125634 cve-icon cve-icon
History

Thu, 11 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Title Sandbox Access Issue Allowing Malicious App to Read Sensitive User Data

Thu, 11 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285

Thu, 11 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Title Sandbox Access Issue Allowing Malicious App to Read Sensitive User Data
Weaknesses CWE-285

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 11 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T19:31:58.174Z

Reserved: 2025-04-16T15:24:37.110Z

Link: CVE-2025-43339

cve-icon Vulnrichment

Updated: 2026-06-11T19:31:51.018Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-11T19:16:33.930

Modified: 2026-06-11T20:51:53.840

Link: CVE-2025-43339

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T23:30:05Z

Weaknesses