Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.
Published: 2026-03-25
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data access
Action: Apply updates
AI Analysis

Impact

A permissions issue in macOS allows an application to access protected user data beyond its intended scope. The record classifies the weakness as improper privilege management (CWE-269), which here enables unauthorized read access to sensitive information. The impact is the potential exposure of personal data such as documents, photos, or credentials, compromising confidentiality.

Affected Systems

Apple macOS is affected. Systems running versions prior to macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, or macOS Tahoe 26.4 are vulnerable. The fixed releases include additional restrictions that resolve the permission flaw.

Risk and Exploitability

The CVSS score of 4 denotes medium severity. EPSS is below 1%, indicating a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an application to run on the user's machine and exploit the improper privilege check; the attack vector is local (AV:L in the CVSS vector) and does not rely on network connectivity. The flaw allows read access only (C:L, I:N, A:N), and an attacker would need a malicious or compromised app installed by the user.

Generated by OpenCVE AI on March 26, 2026 at 18:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4, or a later release
  • Verify that installed applications are from trusted sources and monitor for suspicious software

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title macOS Permissions Flaw Allowing Unauthorized Access to Protected User Data

Thu, 26 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Thu, 26 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title macOS Permissions Flaw Allows Applications to Access Protected User Data
Weaknesses CWE-284

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title macOS Permissions Flaw Allows Applications to Access Protected User Data
Weaknesses CWE-284

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:22.817Z

Reserved: 2025-11-11T14:43:07.857Z

Link: CVE-2026-20607

Vulnrichment

Updated: 2026-03-26T14:35:51.394Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:03.763

Modified: 2026-03-26T17:24:02.170

Link: CVE-2026-20607

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:20:10Z

Weaknesses