macOS
CVE-2025-43410
LOW
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes.
AnalysisAI
Improper cache handling in macOS allows attackers with physical access to recover deleted notes from memory. The vulnerability affects macOS Sequoia (before 15.7.2), macOS Sonoma (before 14.8.2), and macOS Tahoe (before 26.2), exposing sensitive user data through inadequate data sanitization. No public exploit code has been identified, and the extremely low EPSS score (0.02%) reflects the requirement for physical device access, making real-world exploitation unlikely outside of targeted scenarios involving stolen or temporarily compromised hardware.
Technical ContextAI
This vulnerability stems from CWE-524 (Use of Cache Containing Sensitive Information), a weakness in how macOS manages in-memory cache structures for the Notes application. When notes are deleted, the underlying cache memory is not properly overwritten or cleared, leaving data remnants accessible to anyone with direct physical access to the device. The issue involves the Notes framework's interaction with system memory management and cache eviction policies. While the specific technical mechanism isn't detailed, improved cache handling suggests that Apple implemented secure cache invalidation, likely involving explicit memory zeroing or reallocation strategies to prevent recovery of deleted content.
RemediationAI
Update to macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.2 or later. Users should navigate to System Settings > General > Software Update and install the latest available version for their macOS variant. Additionally, enable FileVault full-disk encryption and configure Find My Mac remote wipe capability to mitigate physical access threats. For enterprise deployments, enforce MDM policies requiring automatic security updates. Refer to Apple support articles https://support.apple.com/en-us/125635, https://support.apple.com/en-us/125636, and https://support.apple.com/en-us/125886 for detailed update instructions and release notes.
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth
This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today