Description
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.
Published: 2026-03-25
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Immediate Update
AI Analysis

Impact

This vulnerability is a downgrade flaw that allowed applications on Intel-based Macs to bypass newer code-signing restrictions, potentially enabling them to read user-sensitive data. It is classified under CWE-347 (Improper Verification of Cryptographic Signature), since the weakness lies in accepting code whose signature should have been rejected under the current restrictions. The primary consequence is unauthorized disclosure of confidential information from the affected system.

Affected Systems

Apple macOS on Intel‑based machines is affected. The issue existed in earlier releases before the following updates: Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.3, and Tahoe 26.4. Any version of macOS on Intel hardware before these releases may be vulnerable.

Risk and Exploitability

The CVSS score of 6.2 indicates medium severity, and the EPSS of <1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation most likely requires the attacker to get a downgrade-capable application running on the target system, implying local access (the CVSS vector is AV:L with PR:N, i.e. local access without elevated privileges); no remote code execution path is documented.

Generated by OpenCVE AI on March 25, 2026 at 19:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch by updating macOS to Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.3, or Tahoe 26.4 (depending on your version).
  • After updating, verify that no downgraded or unsigned applications are present and that code‑signing restrictions are enforced.

Generated by OpenCVE AI on March 25, 2026 at 19:37 UTC.


Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type: Title
Values Removed: (none)
Values Added: Downgrade Vulnerability Allowing Unauthorized Access to Sensitive Data on Intel-based Macs

Wed, 25 Mar 2026 18:30:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 17:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:30:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-347

Type: Metrics (cvssV3_1)
Values Removed: (none)
Values Added: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Wed, 25 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple macos

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:16:11.627Z

Reserved: 2025-11-11T14:43:07.877Z

Link: CVE-2026-20699

Vulnrichment

Updated: 2026-03-25T15:50:38.646Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:06.650

Modified: 2026-03-25T18:27:09.003

Link: CVE-2026-20699

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:56:19Z

Weaknesses