Description
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data.
Published: 2026-02-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authorization issue exists in macOS that allows a malicious or compromised application to bypass proper access controls and read sensitive user data it should not access. The flaw arises from insufficient state management, representing a mis‑implementation of access control (CWE‑285). It can lead to confidentiality loss for the affected user.

Affected Systems

Apple macOS versions before Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26 lack the patched state management and remain vulnerable to the authorization bypass.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Likely exploitation requires a locally installed or sideloaded application that leverages the flawed authorization to acquire protected data; any successful exploit results in unauthorized disclosure of user information.

Generated by OpenCVE AI on May 26, 2026 at 22:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.7.4 or later, or Sonoma 14.8.4 or later.
  • If an upgrade is not immediately possible, limit third‑party applications to only the permissions required for their function and monitor for any unnecessary data requests.
  • Apply any available vendor patches or security updates for older macOS releases to reduce overall exposure to similar authorization weaknesses.

Generated by OpenCVE AI on May 26, 2026 at 22:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 23:15:00 +0000

Type Values Removed Values Added
Title macOS Authorization Bug Allowing Apps Access to Sensitive User Data

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data. An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data.
References

Wed, 22 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title macOS Authorization Bug Allowing Apps Access to Sensitive User Data

Fri, 13 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Thu, 12 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-26T21:32:07.695Z

Reserved: 2025-04-16T15:24:37.120Z

Link: CVE-2025-43403

cve-icon Vulnrichment

Updated: 2026-02-12T16:59:54.876Z

cve-icon NVD

Status : Modified

Published: 2026-02-11T23:16:01.597

Modified: 2026-05-26T22:16:41.133

Link: CVE-2025-43403

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T23:00:17Z

Weaknesses