Impact
A privacy vulnerability allows an application on macOS to read or access sensitive user data that it should not normally be able to see. This flaw is categorised under CWE‑200, indicating information exposure. Successful exploitation would enable the app to view private information such as contacts, documents, or other personal files, thereby compromising confidentiality. The description states that an app may be able to access sensitive user data, and no additional exploitation steps are described, so the impact is limited to data leakage rather than further privilege escalation or denial of service.
Affected Systems
Apple’s macOS is affected, specifically systems running versions earlier than Sequoia 15.7.4, Sonoma 14.8.4, or Tahoe 26.3. The issue applies to all released builds before those patch versions, as indicated by the support articles that list the fixes. Users running any of the earlier macOS releases are therefore impacted.
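A version check against the fixed releases listed above, added here as an example (not code from Apple or from this advisory). The function names are illustrative, and a release train the page does not name is reported as `unlisted` rather than guessed.

```shell
#!/bin/sh
# Fixed version per release train, taken from the advisory text above.
fixed_for_major() {
  case "$1" in
    14) echo 14.8.4 ;;   # Sonoma
    15) echo 15.7.4 ;;   # Sequoia
    26) echo 26.3 ;;     # Tahoe
    *)  return 1 ;;      # train not named on the page
  esac
}

# version_lt A B: succeeds if dotted version A is numerically lower than B.
# Missing fields count as 0, so 14.8 compares as 14.8.0 and 26.10 > 26.3.
version_lt() {
  a="$1.0.0"; b="$2.0.0"
  for i in 1 2 3; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
  done
  return 1
}

# check_macos VERSION: prints vulnerable, patched, unlisted or invalid.
check_macos() {
  ver=$1
  case "$ver" in
    ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
  esac
  if ! fixed=$(fixed_for_major "${ver%%.*}"); then
    echo unlisted
    return 0
  fi
  if version_lt "$ver" "$fixed"; then
    echo vulnerable
  else
    echo patched
  fi
}

# On a Mac, report the status of the running system.
if command -v sw_vers >/dev/null 2>&1; then
  check_macos "$(sw_vers -productVersion)"
fi
```

For fleet use, feed `check_macos` the version strings exported from an inventory or MDM report instead of calling `sw_vers` locally.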
Risk and Exploitability
The CVSS base score of 5.5 reflects moderate severity, and the EPSS score of less than 1% indicates a low likelihood of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog, so no confirmed active exploitation has been recorded there. The likely attack vector is local: a malicious or compromised application installed by the user can read sensitive data. While the flaw does not provide remote code execution or privilege escalation, the confidentiality risk warrants prompt remediation. Given the low exploitation probability and moderate severity, the overall risk is moderate, but remediation should not be delayed.