CVE-2025-43410

LOW
2025-12-12 [email protected]
2.4
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 02, 2026 - 19:37 vuln.today
CVE Published
Dec 12, 2025 - 21:15 nvd
LOW 2.4

Tags

Apple macOS Information Disclosure

Description

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes.

Analysis

Improper cache handling in macOS allows attackers with physical access to recover deleted notes from memory. The vulnerability affects macOS Sequoia (before 15.7.2), macOS Sonoma (before 14.8.2), and macOS Tahoe (before 26.2), exposing sensitive user data through inadequate data sanitization. No public exploit code has been identified, and the extremely low EPSS score (0.02%) reflects the requirement for physical device access, making real-world exploitation unlikely outside of targeted scenarios involving stolen or temporarily compromised hardware.

Technical Context

This vulnerability stems from CWE-524 (Use of Cache Containing Sensitive Information), a weakness in how macOS manages in-memory cache structures for the Notes application. When notes are deleted, the underlying cache memory is not properly overwritten or cleared, leaving data remnants accessible to anyone with direct physical access to the device. The issue involves the Notes framework's interaction with system memory management and cache eviction policies. While the specific technical mechanism isn't detailed, improved cache handling suggests that Apple implemented secure cache invalidation, likely involving explicit memory zeroing or reallocation strategies to prevent recovery of deleted content.

Affected Products

macOS Sequoia (all versions before 15.7.2), macOS Sonoma (all versions before 14.8.2), and macOS Tahoe (all versions before 26.2) are affected, as indicated by CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* and confirmed in Apple security advisories. The vulnerability is specific to the Notes application cache on these operating systems.

Remediation

Update to macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.2 or later. Users should navigate to System Settings > General > Software Update and install the latest available version for their macOS variant. Additionally, enable FileVault full-disk encryption and configure Find My Mac remote wipe capability to mitigate physical access threats. For enterprise deployments, enforce MDM policies requiring automatic security updates. Refer to Apple support articles https://support.apple.com/en-us/125635, https://support.apple.com/en-us/125636, and https://support.apple.com/en-us/125886 for detailed update instructions and release notes.

Priority Score

12
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +12
POC: 0

Share

CVE-2025-43410 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy