Impact
A flaw in macOS authorization logic enables an application to bypass normal access controls and read user data that is normally protected from apps without the corresponding permission. The vulnerability is rooted in insufficient state management: the operating system fails to verify that an app holds the required permissions before handing it the data. If exploited, an attacker could obtain confidential information from the affected device, compromising privacy and potentially enabling further escalation. This weakness is specifically an authorization defect that undermines the confidentiality of user data.
Affected Systems
Apple macOS systems running versions prior to the security update that introduced improved state management are vulnerable. This includes all builds of macOS that have not yet received the patches included in macOS Sonoma 14.8.4 and macOS Tahoe 26.3. Users of older releases or those that have not applied these updates should be considered at risk.
Risk and Exploitability
The CVSS base score for the vulnerability is 5.5, indicating moderate severity. The EPSS score is below 1%, suggesting that widespread exploitation is currently unlikely, and the vulnerability is not listed in CISA's KEV catalog. Nonetheless, the attack vector is software-based and could be triggered by an application that has been compromised or deliberately crafted to manipulate state management. The risk is moderated by the requirement for a compromised application or malicious code running locally, but the potential for unauthorized access to sensitive data warrants timely remediation.