CVE-2025-43197
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-11-03
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 13.7.7 (exc) |
| apple | macos | From 14.0 (inc) to 14.7.7 (exc) |
| apple | macos | From 15.0 (inc) to 15.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient entitlement checks in macOS, which could allow an app to access sensitive user data without proper authorization. It has been addressed by adding additional entitlement checks in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an unauthorized app to access sensitive user data, potentially leading to privacy breaches or data leakage.
What immediate steps should I take to mitigate this vulnerability?
Update your macOS system to one of the fixed versions: macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7 to ensure the additional entitlement checks are applied and prevent apps from accessing sensitive user data.