Apple Patches macOS Information Disclosure Vulnerability in NVRAM Logging (CVE-2026-20695)
Apple has released a security update addressing CVE-2026-20695, a macOS information disclosure vulnerability in NVRAM variable logging that could allow local attackers to access sensitive data and potentially chain with other flaws for kernel-level code execution.
Apple has issued a security update to address CVE-2026-20695, a vulnerability in macOS that could allow local attackers to disclose sensitive information via NVRAM variable logging. The flaw, reported by researcher Lee Dong Ha (0xb6) through the Zero Day Initiative, exposes sensitive data to an unauthorized control sphere, potentially enabling privilege escalation and kernel-level code execution when combined with other vulnerabilities.
The vulnerability resides in how macOS handles NVRAM variable logging. An attacker who first obtains the ability to execute low-privileged code on the target system can exploit this flaw to read sensitive information that should be protected. The issue is classified as an information disclosure, with a CVSS score of 3.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N), indicating low severity but potential for chaining.
Apple has released a security update to correct the vulnerability. Users are advised to apply the latest macOS updates as soon as possible. The advisory can be found at Apple's support page: https://support.apple.com/en-ca/126795.
While the vulnerability itself is rated low severity, its significance lies in the potential for chaining with other exploits. Information disclosure flaws like this can provide attackers with the necessary data to escalate privileges or bypass security mechanisms, making them valuable components in multi-step attack chains targeting macOS systems.
The disclosure timeline shows the vulnerability was reported to Apple on March 5, 2026, and coordinated public release occurred on March 30, 2026. This relatively quick turnaround reflects Apple's commitment to addressing security issues in a timely manner.
macOS users, particularly those in enterprise environments where local attackers may have initial access, should prioritize applying this update. While no active exploitation has been reported, the availability of detailed vulnerability information increases the risk of targeted attacks.