CVE-2025-43506
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-18
Assigner: Apple Inc.
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | up to 26.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a logic error in macOS Tahoe that affects iCloud Private Relay. Specifically, iCloud Private Relay may fail to activate when more than one user is logged in simultaneously. The issue was addressed by improving error handling and fixed in macOS Tahoe 26.1.
How can this vulnerability impact me?
If multiple users are logged in at the same time on a macOS Tahoe system, iCloud Private Relay may not activate properly. This could result in reduced privacy protections for network traffic that iCloud Private Relay is designed to provide.
What immediate steps should I take to mitigate this vulnerability?
Update to macOS Tahoe 26.1 or later, as this version includes the fix for the issue where iCloud Private Relay may not activate when more than one user is logged in simultaneously.