Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
Published: 2026-03-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Exposure
Action: Patch macOS
AI Analysis

Impact

Apple identified a permissions flaw that allows an application to access sensitive user data that should be protected. The weakness is an improper authority granting issue, aligned with CWE‑284. This flaw can lead to unauthorized disclosure of personal information if an attacker can run an application that the system incorrectly trusts to retrieve protected content.

Affected Systems

The issue impacts macOS installations on Apple devices of any release older than macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Users running earlier versions are susceptible; the updates add the necessary restrictions to deny the access attempt.

Risk and Exploitability

The CVSS score of 5.3 reflects medium severity, while an EPSS score of less than 1% indicates low expected exploitation frequency. The flaw is not listed in CISA’s KEV catalog. Based on the description, exploitation likely requires local execution: a user installs or runs an application that the system misclassifies as allowed to read sensitive data. No remote exploitation vector is stated in the data.

Generated by OpenCVE AI on March 25, 2026 at 23:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest macOS updates, including macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, or macOS Tahoe 26.4, to enforce the corrected permission checks.
  • Remove or disable any unnecessary or untrusted applications that may have elevated privileges.
  • Regularly review System Preferences > Security & Privacy > Privacy to audit application permissions, and ensure only required permissions are granted.

Generated by OpenCVE AI on March 25, 2026 at 23:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title macOS Permissions Issue Allowing App Access to Sensitive Data macOS Permissions Flaw Allowing Sensitive Data Access

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title macOS Permissions Issue Allowing App Access to Sensitive Data

Wed, 25 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:21:02.444Z

Reserved: 2025-11-11T14:43:07.877Z

Link: CVE-2026-20697

cve-icon Vulnrichment

Updated: 2026-03-25T19:44:16.456Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:06.440

Modified: 2026-03-25T21:31:49.540

Link: CVE-2026-20697

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:17:54Z

Weaknesses