Search
Find a vulnerability
Search criteria
2 vulnerabilities found for macOS Tahoe by Apple
CVE-2025-43524 (GCVE-0-2025-43524)
Vulnerability from nvd – Published: 2026-05-12 17:35 – Updated: 2026-05-12 22:18
VLAI
Summary
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- An app may be able to break out of its sandbox
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | macOS Sequoia |
Affected:
0 , < 15.7.7
(custom)
|
|
| Apple | macOS Sonoma |
Affected:
0 , < 14.8.7
(custom)
|
|
| Apple | macOS Tahoe |
Affected:
0 , < 26.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T20:27:03.098026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:27:05.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS Sequoia",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS Sonoma",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS Tahoe",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T22:18:48.934Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43524",
"datePublished": "2026-05-12T17:35:13.695Z",
"dateReserved": "2025-04-16T15:27:21.197Z",
"dateUpdated": "2026-05-12T22:18:48.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43524 (GCVE-0-2025-43524)
Vulnerability from cvelistv5 – Published: 2026-05-12 17:35 – Updated: 2026-05-12 22:18
VLAI
Summary
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- An app may be able to break out of its sandbox
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | macOS Sequoia |
Affected:
0 , < 15.7.7
(custom)
|
|
| Apple | macOS Sonoma |
Affected:
0 , < 14.8.7
(custom)
|
|
| Apple | macOS Tahoe |
Affected:
0 , < 26.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T20:27:03.098026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:27:05.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS Sequoia",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS Sonoma",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS Tahoe",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T22:18:48.934Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43524",
"datePublished": "2026-05-12T17:35:13.695Z",
"dateReserved": "2025-04-16T15:27:21.197Z",
"dateUpdated": "2026-05-12T22:18:48.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}