Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to elevate privileges.
Published: 2025-12-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A logic flaw in Apple operating systems was identified, allowing an application to bypass standard privilege checks and run with elevated system permissions. The vulnerability arises from insufficient validation during certain user-interaction flows, which can be exploited by a crafted app or malicious payload. If successful, the attacker gains the ability to execute code with full system authority, potentially compromising data confidentiality, integrity, and overall device security.

Affected Systems

Apple iOS and iPadOS versions prior to 18.7.3, macOS Sequoia versions earlier than 15.7.3, macOS Sonoma earlier than 14.8.3, and macOS Tahoe earlier than 26.2 are affected. All devices running these operating systems could run the vulnerable code if an app attempts to elevate privileges.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity of privilege escalation. The EPSS score is below 1%, suggesting that the probability of exploitation in the general population is low, and the vulnerability is not yet listed in CISA’s KEV catalog. The attack vector is inferred to be local or through a malicious app installed on the device, requiring privileged use of the operating system’s application installation pathways. Successful exploitation would grant the attacker complete control of the compromised device.

Generated by OpenCVE AI on April 22, 2026 at 20:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates for iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, or macOS Tahoe 26.2 to remove the flaw.
  • Restrict application installation to trusted sources only—disable or limit side‑loaded apps and enforce App Store restrictions on iOS and iPadOS.
  • Enable Gatekeeper and app quarantine controls on macOS to block non‑signed or potentially malicious binaries from running.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Logic Issue in Apple Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Values Removed: A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges.
Values Added: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to elevate privileges.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description
Values Removed: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to elevate privileges.
Values Added: A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges.
References

Wed, 17 Dec 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Tue, 16 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description
Values Added: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to elevate privileges.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:20.353Z

Reserved: 2025-04-16T15:27:21.196Z

Link: CVE-2025-43512

Vulnrichment

Updated: 2025-12-16T15:23:57.349Z

NVD

Status: Modified

Published: 2025-12-12T21:15:56.110

Modified: 2026-04-02T19:20:57.740

Link: CVE-2025-43512

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T20:45:27Z

Weaknesses