Description
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permissions issue in Apple macOS (CWE‑284: Improper Access Control) allowed an application to read or otherwise access sensitive user data without proper authorization. The vulnerability was mitigated by removing the vulnerable code segment, eliminating the enforcement gap that permitted this data disclosure. The result is a direct privacy breach that could expose personally identifying information or other confidential data.

Affected Systems

Apple’s macOS platform is affected, with the flaw present in versions prior to macOS Tahoe 26. The security fix was shipped in macOS Tahoe 26, which removes the problematic code path.

Risk and Exploitability

The flaw likely requires local code execution or the installation of a malicious application to exploit the missing permission check; the attack vector is inferred to be local. The CVSS score is 5.5, indicating moderate severity, and the EPSS score is not available, with the vulnerability not listed in the CISA KEV catalog. Consequently, while the precise risk level cannot be quantified, the moderate severity indicated by the CVSS score 5.5 and lack of widespread exploitation evidence suggest moderate potential impact for impacted systems.

Generated by OpenCVE AI on May 27, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Tahoe 26 or later to receive the code removal fix.
  • If a system cannot be upgraded immediately, apply the least privilege principle by limiting the application’s permissions or sandboxing it to prevent access to sensitive user data.
  • Monitor Apple support and security advisories for updates or workarounds, and consider restricting or uninstalling applications that may exploit the permission flaw.

Generated by OpenCVE AI on May 27, 2026 at 03:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125110 cve-icon cve-icon
History

Wed, 27 May 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 27 May 2026 03:45:00 +0000

Type Values Removed Values Added
Title App Permissions Leak Allowing Sensitive User Data Access in macOS

Wed, 27 May 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title App Permissions Leak Allowing Sensitive User Data Access in macOS
First Time appeared Apple
Apple macos
Weaknesses CWE-284
Vendors & Products Apple
Apple macos

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-27T00:17:08.318Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43451

cve-icon Vulnrichment

Updated: 2026-05-27T00:16:56.657Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T22:16:41.317

Modified: 2026-06-17T09:24:02.513

Link: CVE-2025-43451

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T03:30:06Z

Weaknesses