CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Analysis (AI)
Improper access control in Apple macOS allows a locally running app to read sensitive user data by exploiting a logic flaw in system-level restrictions. All macOS versions prior to Tahoe 26 are affected, per the CPE data and EUVD-2025-209943. The CVSS vector (AV:L/AC:L/PR:L/UI:N) indicates that, once an app is running with low privileges, exploitation needs no user interaction, and the confidentiality impact is rated High. No public exploit code is known, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Technical Context (AI)
CWE-284 (Improper Access Control) describes cases where software fails to restrict access to a resource in a manner consistent with its security policy. In this instance, Apple identified a logic issue in macOS access control enforcement - tagged as an Authentication Bypass - where an app can circumvent intended restrictions to reach sensitive user data. The affected product is Apple macOS across all versions below 26 (Tahoe), as identified by CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*. This class of flaw typically arises when permission-checking logic contains an incorrect branch, state-machine gap, or ordering error that a crafted app can trigger to gain unauthorized read access to protected data stores (e.g., contacts, location, keychain-adjacent data).
Remediation (AI)
The primary remediation is to upgrade to macOS Tahoe 26, which contains Apple's official fix for this logic issue (vendor advisory: https://support.apple.com/en-us/125110). Patch availability is confirmed by Apple; the fixed version is macOS Tahoe 26. As a compensating control before patching, administrators should restrict installation and execution of untrusted or unreviewed third-party applications using macOS System Policy controls (spctl) or Mobile Device Management (MDM) profiles that enforce App Store-only sources; this directly narrows the app-based exploitation path. Enabling Full Disk Access prompts in System Settings and auditing which apps hold privacy permissions (Privacy & Security pane) can further limit exposure. Note that restricting app execution may disrupt productivity workflows; assess per environment before enforcing.
EUVD-2025-209943