Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. A sandboxed app may be able to access sensitive user data.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Sensitive User Data
Action: Patch
AI Analysis

Impact

A logic flaw in macOS allows a sandboxed application to read data that it should not be able to access. The weakness stems from inadequate access‑control checks (CWE‑284), and it can lead to confidential user information being disclosed without user consent. The flaw has a CVSS score of 5.5 (Medium): its impact is limited compared to high‑severity issues, but it remains a significant concern for data privacy.

Affected Systems

The vulnerability affects Apple macOS. The fix is included in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1. Systems running earlier releases are potentially affected unless upgraded.

Risk and Exploitability

The EPSS score is less than 1%, and the vulnerability is not listed in the CISA KEV catalog, which suggests that active exploitation in the wild is unlikely at this time. The likely attack vector involves a sandboxed application that attempts to bypass standard entitlement restrictions to read sensitive data. Once the logic bug is triggered, the application gains unauthorized access to protected information, compromising confidentiality for the affected user.

Generated by OpenCVE AI on April 27, 2026 at 23:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the macOS update that includes the fix – macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.1.
  • Roll out the latest OS version to all relevant devices so that every user is protected by the patched software.
  • If the update cannot be applied immediately, limit the use of new sandboxed applications that request access to sensitive data and review existing app permissions in System Settings > Privacy to reduce the attack surface.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:30:00 +0000

Type: Title
Values Added: Sandboxed App May Access Sensitive User Data via Logic Issue

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. A sandboxed app may be able to access sensitive user data.
Values Added: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. A sandboxed app may be able to access sensitive user data.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A sandboxed app may be able to access sensitive user data.
Values Added: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. A sandboxed app may be able to access sensitive user data.
References

Tue, 04 Nov 2025 19:15:00 +0000

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 04 Nov 2025 18:15:00 +0000

Type: Weaknesses
Values Added: CWE-284

Type: Metrics
Values Added:
cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 16:45:00 +0000

Type: First Time appeared
Values Added: Apple, Apple macos, Apple macos Sequoia, Apple macos Sonoma

Type: Vendors & Products
Values Added: Apple, Apple macos, Apple macos Sequoia, Apple macos Sonoma

Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Added: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A sandboxed app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:27.960Z

Reserved: 2025-04-16T15:24:37.118Z

Link: CVE-2025-43396

Vulnrichment

Updated: 2025-11-04T18:02:45.447Z

NVD

Status: Modified

Published: 2025-11-04T02:15:46.377

Modified: 2026-04-02T19:20:39.287

Link: CVE-2025-43396

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:15:06Z

Weaknesses