CVE-2025-43310
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | From 14.0 (inc) to 14.8 (exc) |
| apple | macos | From 15.0 (inc) to 15.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability could lead to sensitive data being copied to the pasteboard unintentionally, potentially exposing private information to other apps or users who have access to the pasteboard.
What immediate steps should I take to mitigate this vulnerability?
Update your system to macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26, as these versions contain the fix for this vulnerability.
Can you explain this vulnerability to me?
This vulnerability is a configuration issue in certain macOS versions where an app may trick a user into copying sensitive data to the pasteboard without their intention. It was addressed by adding additional restrictions in macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26.