CVE-2025-43321
Description
The issue was resolved by blocking unsigned services from launching on Intel Macs. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2025-43321 is a medium-severity vulnerability in macOS AppKit that allows unsigned services to launch on Intel Macs, potentially exposing protected user data.
Vulnerability Overview
CVE-2025-43321 is a security issue in the AppKit framework on macOS, specifically affecting Intel-based Macs. The root cause is that the system failed to block unsigned services from launching, which could allow an app to bypass privacy preferences and access protected user data. The vulnerability was discovered by Mickey Jin (@patch1t) and addressed by Apple in macOS Tahoe 26, macOS Sequoia 15.7, and macOS Sonoma 14.8 [1][2].
Exploitation and Attack Surface
To exploit this vulnerability, an attacker would need to have an app running on an affected Intel Mac. The attack does not require any special privileges beyond the ability to execute code, as the flaw lies in the system's validation of service signing. By launching an unsigned service, the app could circumvent the intended security restrictions that normally prevent unauthorized access to sensitive data [1][2].
Impact
Successful exploitation could allow an app to access protected user data, such as documents, contacts, or other information that is normally guarded by Privacy preferences. This could lead to unauthorized disclosure of sensitive information, compromising user privacy [1][2].
Mitigation
Apple has released patches for this vulnerability in macOS Tahoe 26, macOS Sequoia 15.7, and macOS Sonoma 14.8. Users are advised to update their systems to the latest available version to mitigate the risk. No workarounds have been provided, and the issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Range: <15.7
- Range: <14.8
- Range: <26
Patches (0)
No patches discovered yet.
References (6)
- support.apple.com/en-us/125111 (nvd; Release Notes; Vendor Advisory)
- support.apple.com/en-us/125112 (nvd; Release Notes; Vendor Advisory)
- seclists.org/fulldisclosure/2025/Sep/53 (nvd)
- seclists.org/fulldisclosure/2025/Sep/54 (nvd)
- seclists.org/fulldisclosure/2025/Sep/55 (nvd)
- support.apple.com/en-us/125110 (nvd)