CVE-2025-43509
BaseFortify
Publication date: 2025-12-12
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | From 14.0 (inc) to 14.8.3 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an app to potentially access sensitive user data due to insufficient data protection. It has been addressed by improving data protection mechanisms in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an app to access sensitive user data without proper authorization, potentially leading to privacy breaches or misuse of personal information.
What immediate steps should I take to mitigate this vulnerability?
Update your macOS system to macOS Sonoma 14.8.3 or macOS Sequoia 15.7.3, as these versions include the fix for this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an app to access sensitive user data, which could potentially lead to non-compliance with data protection regulations such as GDPR and HIPAA. Apple addressed this issue by improving data protection and implementing enhanced restrictions to prevent unauthorized access, thereby helping to maintain compliance with these standards. [1, 2]