VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Nov 4, 2025· Updated Apr 2, 2026

CVE-2025-43396

CVE-2025-43396

Description

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. A sandboxed app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logic issue in macOS allows a sandboxed app to access sensitive user data; Apple addressed it with improved checks in macOS Tahoe, Sequoia, and Sonoma.

Summary

A logic issue in macOS allows a sandboxed app to access sensitive user data; Apple addressed it with improved checks in macOS Tahoe, Sequoia, and Sonoma.

Description

A logic issue exists in macOS that could allow a sandboxed app to access sensitive user data [1][2][3]. The vulnerability is present in multiple macOS versions, including Tahoe, Sequoia, and Sonoma. The root cause is a logic flaw that was addressed by improved checks.

Exploitation

The attack vector requires a sandboxed app to exploit the logic issue, likely by bypassing sandbox restrictions to access sensitive data. No authentication is needed beyond the app's own permissions. The attacker must have the ability to run a sandboxed app on the target system.

Impact

Successful exploitation could lead to unauthorized access to sensitive user data, such as personal information, without requiring additional privileges.

Mitigation

Apple has released security updates for macOS Tahoe 26.1, macOS Sequoia 15.7.2, and macOS Sonoma 14.8.2 on November 3, 2025 [1][2][3]. Users are advised to install these updates to protect their systems.

References
  1. About the security content of macOS Tahoe 26.1 - Apple Support
  2. About the security content of macOS Sequoia 15.7.2 - Apple Support
  3. About the security content of macOS Sonoma 14.8.2 - Apple Support

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=14.0,<14.8.2
    • (no CPE)range: before 15.7.2, 14.8.2, 26.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.