CVE-2025-30459
Description
A privacy issue in macOS Sequoia before 15.4 allows an app to access sensitive user data; fixed by removing vulnerable code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A privacy issue in macOS Sequoia before 15.4 allows an app to access sensitive user data; fixed by removing vulnerable code.
Vulnerability
A privacy vulnerability exists in macOS Sequoia versions prior to 15.4. The issue arises from a code path that fails to properly restrict access to sensitive user data. The vulnerability was addressed by removing the vulnerable code entirely. Affected versions: macOS Sequoia before 15.4.
Exploitation
An attacker needs to have an app running on the target system. No additional privileges are explicitly required beyond the ability to execute an app. The exact mechanism is not disclosed, but the app can exploit the vulnerable code to access sensitive user data.
Impact
Successful exploitation allows an app to access sensitive user data, leading to a breach of confidentiality. The attack does not grant code execution or privilege escalation; it only discloses information to the malicious app.
Mitigation
Apple released macOS Sequoia 15.4 on March 31, 2025, which removes the vulnerable code and fixes the issue [1]. Users should update to this version or later. No workaround is available.
AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <15.4
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.