Description
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.
Published: 2025-12-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Protected User Data
Action: Patch Now
AI Analysis

Impact

A logic flaw that bypasses the operating system’s protective restrictions permits an application to read or manipulate user data that is normally safeguarded. The weakness is classified as an access control flaw (CWE‑284) and can lead to significant privacy and integrity violations if an attacker can craft or install a malicious application that leverages the broken logic.

Affected Systems

Apple macOS users running Sequoia, Sonoma, or Tahoe versions that have not applied the latest security update are affected. The issue was addressed in Sequoia 15.7.3, Sonoma 14.8.3, and Tahoe 26.2, so any earlier releases remain vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity, but the EPSS score of less than 1% suggests that exploitation, while possible, is currently rare. The vulnerability is not listed in the CISA KEV catalog, and the likely exploitation path would involve a local attacker installing or executing a malicious application that takes advantage of the logic flaw to access protected data.

Generated by OpenCVE AI on April 22, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to the latest release—Sequoia 15.7.3, Sonoma 14.8.3, or Tahoe 26.2—to obtain the fix for the logic flaw.
  • Enforce Gatekeeper or the equivalent application validation mechanism to allow only Apple‑signed and App Store applications, limiting the set of applications that can run potentially malicious code.
  • Audit and remove or restrict applications that request unnecessary entitlements or elevated privileges, particularly those that access sensitive user information.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Title App May Access Protected User Data Due to Logic Issue in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Removed: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
Added: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description
Removed: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access protected user data.
Added: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
References

Wed, 17 Dec 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 16 Dec 2025 21:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access protected user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:03.317Z

Reserved: 2025-04-16T15:24:37.123Z

Link: CVE-2025-43416

Vulnrichment

Updated: 2025-12-16T15:23:48.136Z

NVD

Status: Modified

Published: 2025-12-12T21:15:54.213

Modified: 2026-04-02T19:20:42.853

Link: CVE-2025-43416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T20:45:27Z

Weaknesses