CVE-2025-43522
BaseFortify
Publication date: 2025-12-12
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 15.7.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a downgrade issue affecting Intel-based Mac computers, where an app may bypass security by exploiting insufficient code-signing restrictions, potentially allowing it to access user-sensitive data. It has been addressed with additional code-signing restrictions in macOS Sequoia 15.7.3.
How can this vulnerability impact me? :
An app exploiting this vulnerability may gain unauthorized access to user-sensitive data on affected Intel-based Mac computers, potentially compromising user privacy and security.
What immediate steps should I take to mitigate this vulnerability?
Update your Intel-based Mac computers to macOS Sequoia 15.7.3 or later, which includes the fix for this vulnerability by adding additional code-signing restrictions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability could allow an application to access user-sensitive data by bypassing security restrictions, which may lead to unauthorized data access. This unauthorized access could potentially impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require safeguarding sensitive user information. The fix implemented by Apple, involving additional code-signing restrictions, aims to prevent such unauthorized access and thereby help maintain compliance with these standards. [1]