macOS CVE-2025-43410

Severity: LOW, 2.4 (CVSS 3.1)
Weakness: Use of Cache Containing Sensitive Information (CWE-524)
Date and source: 2025-12-12, product-security@apple.com

CVSS Vector (NVD)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 02, 2026 - 19:37 (vuln.today)
CVE Published: Dec 12, 2025 - 21:15 (nvd), LOW 2.4

Description (NVD)

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes.

Analysis (AI)

Improper cache handling in macOS allows attackers with physical access to recover deleted notes from memory. The vulnerability affects macOS Sequoia (before 15.7.2), macOS Sonoma (before 14.8.2), and macOS Tahoe (before 26.2), exposing sensitive user data through inadequate data sanitization. No public exploit code has been identified, and the extremely low EPSS score (0.02%) reflects the requirement for physical device access, making real-world exploitation unlikely outside of targeted scenarios involving stolen or temporarily compromised hardware.

Technical Context (AI)

This vulnerability stems from CWE-524 (Use of Cache Containing Sensitive Information), a weakness in how macOS manages in-memory cache structures for the Notes application. When notes are deleted, the underlying cache memory is not properly overwritten or cleared, leaving data remnants accessible to anyone with direct physical access to the device. The issue involves the Notes framework's interaction with system memory management and cache eviction policies. While the specific technical mechanism isn't detailed, improved cache handling suggests that Apple implemented secure cache invalidation, likely involving explicit memory zeroing or reallocation strategies to prevent recovery of deleted content.

Remediation (AI)

Update to macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.2 or later. Users should navigate to System Settings > General > Software Update and install the latest available version for their macOS variant. Additionally, enable FileVault full-disk encryption and configure Find My Mac remote wipe capability to mitigate physical access threats. For enterprise deployments, enforce MDM policies requiring automatic security updates. Refer to Apple support articles https://support.apple.com/en-us/125635, https://support.apple.com/en-us/125636, and https://support.apple.com/en-us/125886 for detailed update instructions and release notes.
