CVE-2025-43322

Vulnerability

Overview

CVE-2025-43322 is a logic issue in macOS that could allow an app to access sensitive user data. Apple addressed the vulnerability by improving internal checks, as described in the security advisories for macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1 [1][2][3].

Attack

Vector and Prerequisites

The vulnerability does not require specific user interaction beyond running a malicious or compromised app. Apple’s description indicates that the flaw exists in the operating system's data access controls, potentially enabling an app to bypass certain restrictions and gain unauthorized access to user-sensitive information. No additional authentication or network position is reported as required [2][3].

Impact

An attacker who can run an app on the affected macOS systems may be able to access sensitive user data, such as personal files, credentials, or other private information. Apple rates the severity as Medium (CVSS 3.0 base score 5.5), reflecting the need for local code execution but the potential for meaningful data exposure [1][3].

Mitigation

Status

Apple released patched versions for macOS Sequoia (15.7.2), macOS Sonoma (14.8.2), and macOS Tahoe (26.1) on November 3, 2025. Users should update to the latest available versions to remediate the issue. No workarounds have been disclosed [1][2][3].