CVE-2025-43530

Root

Cause

CVE-2025-43530 is a logic issue in multiple Apple operating systems that was addressed with improved checks. The vulnerability allows an app to access sensitive user data without proper authorization [1][2][3][4].

Attack

Vector

An attacker would need to trick or coerce a user into launching a malicious app on an affected device. The vulnerability requires no specific network position or authentication bypass beyond the app's initial installation, though the app must be trusted by the user. The issue exists in iOS, iPadOS, macOS Sequoia, Sonoma, and Tahoe, meaning a wide range of devices are potentially affected [1][2][3][4].

Impact

Successful exploitation could lead to an app gaining unauthorized access to sensitive payment tokens, as noted in the macOS Tahoe advisory [1]. The broader description in the CVE itself states that an app may be able to access sensitive user data, which could include credentials, financial information, or other personal details stored on the device.

Mitigation

Apple has released patches in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, and macOS Tahoe 26.2 [1][2][3][4]. Users should update their devices to these versions to remediate the issue. No workarounds are provided, and there is no indication this CVE has been exploited in the wild as of publication.