Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
Published: 2026-06-11
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permissions issue allows an application to read data that should be protected, potentially exposing sensitive user files or personal information. The vulnerability is a classic improper access control flaw that can be exploited by any app that gains the capability to bypass standard sandbox or security checks. It does not grant remote code execution or system compromise but can lead to data leaks with serious privacy implications.

Affected Systems

Apple macOS systems running versions prior to macOS Tahoe 26.1 are affected. The fix was implemented in macOS Tahoe 26.1, so any earlier releases remain vulnerable.

Risk and Exploitability

The EPSS score is not available, so the overall likelihood of exploitation cannot be quantified. The vulnerability is not listed in CISA KEV, suggesting no publicly known active exploitation. Attackers would likely need local or privileged access to install or run a malicious application that leverages this permissions flaw; remote exploitation is not indicated by the description.

Generated by OpenCVE AI on June 11, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Tahoe 26.1 or later to apply the fix for the permissions issue
  • Review and restrict the permissions granted to applications in System Settings > Privacy, ensuring no unnecessary privileges are granted
  • Monitor system logs for anomalous read attempts on protected data and consider disabling or removing applications that request excessive permissions

Generated by OpenCVE AI on June 11, 2026 at 22:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125634 cve-icon cve-icon
History

Thu, 11 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title macOS Permissions Escalation Allowing Unauthorized Access to Protected User Data

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title macOS Permissions Escalation Allowing Unauthorized Access to Protected User Data

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 11 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T19:14:21.215Z

Reserved: 2025-04-22T21:13:49.961Z

Link: CVE-2025-46315

cve-icon Vulnrichment

Updated: 2026-06-11T19:12:18.459Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-11T19:16:34.697

Modified: 2026-06-11T20:51:53.840

Link: CVE-2025-46315

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:45:05Z

Weaknesses