CVE-2025-43367
Description
A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In macOS before Tahoe 26 and Sonoma 14.8, an app could bypass Privacy preferences and access protected user data due to a symlink validation issue.
Root Cause
A privacy issue in macOS allowed an app to bypass Privacy preferences and access protected user data. The vulnerability was addressed by improving validation of symlinks and moving sensitive data [1].
Attack Surface
The attack surface is local; any app on an affected Mac could potentially exploit this issue without requiring special privileges beyond normal app permissions. The vulnerability affects Macs running macOS versions prior to Tahoe 26 or Sonoma 14.8 [1][3].
Impact
An attacker with knowledge of the flaw could access protected user data, such as files or information guarded by Privacy preferences, violating user privacy expectations.
Mitigation
Apple has fixed the issue in macOS Tahoe 26 and macOS Sonoma 14.8. Users should update their systems to the latest available version. No workarounds have been published [1][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References (4)
- support.apple.com/en-us/125112 (nvd; Release Notes, Vendor Advisory)
- seclists.org/fulldisclosure/2025/Sep/53 (nvd)
- seclists.org/fulldisclosure/2025/Sep/55 (nvd)
- support.apple.com/en-us/125110 (nvd)