CVE-2025-43348
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | From 14.0 (inc) to 14.8.2 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a logic issue in macOS that allowed an app to bypass Gatekeeper checks. Gatekeeper is a security feature that helps ensure only trusted software runs on macOS. The issue was fixed by improving validation in macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an untrusted or malicious app to bypass Gatekeeper protections, potentially leading to the execution of unauthorized or harmful software on your macOS device.
What immediate steps should I take to mitigate this vulnerability?
Apply the security updates provided by Apple, specifically macOS Sonoma 14.8.2 or macOS Sequoia 15.7.2, which fix this issue by improving validation to prevent apps from bypassing Gatekeeper checks.