CVE-2025-43337
Description
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A sandbox restriction issue in macOS allows an app to bypass Privacy preferences and access sensitive user data through inadequate symlink validation and logic checks.
CVE-2025-43337 is an access issue in macOS's sandbox that could allow an app to bypass Privacy preferences and access sensitive user data. The underlying problems included inadequate validation of symbolic links (symlinks) and a logic flaw that failed to properly enforce sandbox restrictions [1][2].
Exploitation requires a local application; elevated privileges are not needed. An attacker-controlled app or a malicious application already on the system could leverage these weaknesses to circumvent privacy controls that normally prevent unauthorized access to user data.
Successful exploitation grants an app the ability to access sensitive user information such as documents, contacts, or other protected data, effectively bypassing the user's privacy settings. The impact is limited to local access, but could lead to data leakage if a rogue app is installed.
Apple addressed the issue in macOS Sequoia 15.7.2 and macOS Tahoe 26 by improving symlink validation and applying stricter logic checks within the sandbox [1][2]. Users are advised to update to these versions.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- Range: <15.7.2
- Range: <26
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (3)
News mentions (0)
No linked articles in our index yet.