CVE-2025-43320
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
Analysis
macOS launch constraint bypass enables authenticated local users to execute code with elevated privileges on macOS Sequoia (up to 15.7.2) and macOS Tahoe (pre-26). The vulnerability requires low-complexity exploitation by a user with existing local access, allowing them to circumvent Apple's launch constraint security framework and achieve full system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis, with EPSS indicating only 0.02% probability of exploitation in the wild (5th percentile).
Technical Context
Launch constraints are a macOS security mechanism introduced to restrict which processes can be launched and what privileges they can obtain, forming part of Apple's defense-in-depth architecture. This CWE-269 (Improper Privilege Management) flaw allows applications to bypass these runtime protections through logic flaws in the constraint validation code. The vulnerability affects the core operating system privilege escalation controls across macOS Sequoia 15.x series and the newer macOS Tahoe (version 26) platform. Apple addressed the issue by implementing additional validation logic in the launch constraint enforcement subsystem, suggesting the original implementation had insufficient checks during privilege elevation requests or constraint policy enforcement.
Affected Products
The vulnerability impacts Apple macOS across two major platform releases. Affected versions include macOS Sequoia prior to version 15.7.3 and macOS Tahoe prior to version 26. The CPE identifier cpe:2.3:o:apple:macos covers the broad macOS operating system family. Apple's security advisories HT216018 (for macOS Sequoia 15.7.3) at https://support.apple.com/en-us/125887 and HT216005 (for macOS Tahoe 26) at https://support.apple.com/en-us/125110 provide official confirmation of affected versions and fixes. All macOS users running Sequoia 15.7.2 or earlier, or Tahoe preview/beta versions prior to release 26, should consider themselves affected.
Remediation
Vendor-released patches are available through Apple's standard update mechanisms. Users running macOS Sequoia should immediately upgrade to version 15.7.3 or later via System Settings > General > Software Update or through Apple's Software Update service. Users on macOS Tahoe preview/beta builds should upgrade to macOS Tahoe version 26 or later. Apple addressed the vulnerability by implementing additional logic checks in the launch constraint validation subsystem as documented in security advisories HT216018 (https://support.apple.com/en-us/125887) and HT216005 (https://support.apple.com/en-us/125110). No workarounds are available for this privilege escalation vulnerability; patching to the fixed versions is the only effective remediation. Organizations should prioritize updates for systems with multiple user accounts or where untrusted applications may be installed. Standard macOS security practices of limiting application installation sources and maintaining least-privilege user accounts provide defense-in-depth but do not eliminate the vulnerability.
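A version triage check for the remediation above, as an added example that is not part of the original advisory or Apple's tooling. The function names ver_lt and cve_2025_43320_status are hypothetical; releases this page does not discuss are reported as not-covered rather than guessed, and a pre-release Tahoe build cannot be told apart from release 26 by product version alone, so those hosts need a separate build check.

```shell
#!/bin/sh
# Added example: classify a macOS product version against the fixed releases
# named on this page (macOS Sequoia 15.7.3, macOS Tahoe 26).

# ver_lt A B: succeeds when dotted version A is strictly lower than B.
# Missing components count as 0, so 15.7 compares as 15.7.0.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n ? x[i] : 0) + 0
            q = (i <= m ? y[i] : 0) + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Prints one of: affected, fixed, not-covered, invalid.
cve_2025_43320_status() {
    v=$1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    major=${v%%.*}
    if [ "$major" -ge 26 ]; then
        # Release 26 or later. Assumption: this host is not a pre-release build.
        echo fixed
    elif [ "$major" -eq 15 ]; then
        if ver_lt "$v" 15.7.3; then echo affected; else echo fixed; fi
    else
        # The page only names Sequoia 15.x and Tahoe 26.
        echo not-covered
    fi
}

# On a Mac, report the local host; sw_vers -productVersion prints e.g. 15.7.2.
if command -v sw_vers >/dev/null 2>&1; then
    host_ver=$(sw_vers -productVersion)
    echo "local host $host_ver: $(cve_2025_43320_status "$host_ver")"
fi

# Constructed sample versions, as an inventory export might list them.
for sample in 15.7.2 15.7.3 15.10 26.0 14.8; do
    echo "$sample: $(cve_2025_43320_status "$sample")"
done
```
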