CVE-2025-43466
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-15
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability may allow an app to access sensitive user data due to an injection issue, which could potentially impact compliance with data protection regulations such as GDPR and HIPAA by risking unauthorized access to personal or protected health information. However, specific compliance impacts are not detailed in the provided resources. [1]
Can you explain this vulnerability to me?
This vulnerability is an injection issue that was addressed by improving validation. It could allow an app to access sensitive user data if exploited.
How can this vulnerability impact me? :
If exploited, this vulnerability may allow an app to access sensitive user data, potentially compromising your privacy and security.
What immediate steps should I take to mitigate this vulnerability?
Update your macOS system to version Tahoe 26.1 or later, as this version contains the fix for the injection issue that may allow an app to access sensitive user data.