CVE-2025-46287 in macOS
Summary
by MITRE • 12/12/2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An attacker may be able to spoof their FaceTime caller ID.
Analysis
by VulDB Data Team • 12/17/2025
The vulnerability identified as CVE-2025-46287 is a critical inconsistency in user interface state management within Apple's operating systems, affecting macOS Sonoma and macOS Sequoia before their respective security updates. The flaw is an insufficient validation mechanism that allows the FaceTime caller identification shown to the recipient to be manipulated, which creates a vector for social engineering and identity spoofing. It stems from state management controls that do not properly verify the authenticity of the caller identity information presented during a FaceTime session.
The vulnerability is classified under CWE-691 (Insufficient Control Flow Management), which covers improper state handling within software. The flaw sits in the user interface layer: the system's state management does not validate the caller ID information against the established authentication protocols before displaying it, so an attacker can alter how the calling party is identified without the display being tied to a verified identity. In short, it is a case of weak input validation and insufficient security controls in the presentation layer.
Operationally, the vulnerability puts user privacy and security awareness at risk, especially where FaceTime is used for sensitive business or personal conversations. A spoofed caller ID lets an attacker impersonate a legitimate caller, which can support phishing, social engineering campaigns, and other activity that relies on a trusted caller identity. The impact reaches beyond individual users to an organization's security posture: a convincing spoofed identity can undercut security awareness training and establish trust with a victim before sensitive information is requested or unauthorized actions are attempted. This vulnerability maps directly to ATT&CK technique T1566.001, which covers social engineering through phishing and spoofing.
Remediation is to update to macOS Sonoma 14.8.3 or macOS Sequoia 15.7.3, which implement improved state management and stronger validation of FaceTime caller identification. Security administrators should prioritize deploying these updates on all affected systems and consider additional monitoring for unusual FaceTime activity that could indicate exploitation attempts. Organizations should also revisit their security awareness training to cover this vulnerability, in particular how caller identity is verified during a communication session. The fix addresses the root cause with state validation controls that prevent caller ID information from being manipulated without authentication, restoring the integrity of the user interface presentation layer.
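As an added example, not code from VulDB or Apple, the following POSIX shell script checks a macOS product version against the two fixed versions the advisory names (Sonoma 14.8.3 and Sequoia 15.7.3) so an administrator can confirm a fleet member is patched. It uses the real `sw_vers -productVersion` command when it is available and otherwise falls back to a constructed sample value; any major version other than 14 or 15 is reported as "unknown" because the advisory says nothing about other release lines.

```shell
#!/bin/sh
# Added example (not from VulDB or Apple): report whether a macOS version
# carries the CVE-2025-46287 fix. Only the fixed versions stated in the
# advisory are encoded: Sonoma 14.8.3 and Sequoia 15.7.3.

# version_ge A B: succeed when dotted version A >= B, comparing each
# numeric component in turn (a missing trailing component counts as 0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0;
            y = (i <= nb) ? pb[i] + 0 : 0;
            if (x > y) exit 0;
            if (x < y) exit 1;
        }
        exit 0;
    }'
}

# cve_2025_46287_status VERSION: print "patched", "vulnerable" or "unknown".
# Exit status: 0 patched, 1 vulnerable, 2 release line not covered by the advisory.
cve_2025_46287_status() {
    major=${1%%.*}
    case "$major" in
        14) fixed=14.8.3 ;;   # macOS Sonoma
        15) fixed=15.7.3 ;;   # macOS Sequoia
        *)  echo unknown; return 2 ;;
    esac
    if version_ge "$1" "$fixed"; then
        echo patched
        return 0
    else
        echo vulnerable
        return 1
    fi
}

# On a Mac, query the live system; elsewhere use a constructed sample value
# (this is an illustrative placeholder, not an observed version).
if command -v sw_vers >/dev/null 2>&1; then
    current=$(sw_vers -productVersion)
else
    current="15.7.2"
fi
printf 'macOS %s -> %s\n' "$current" "$(cve_2025_46287_status "$current")"
```

The numeric, component-wise comparison matters because a plain string comparison would rank 15.7.10 below 15.7.3; the `unknown` result is deliberate so that a release line the advisory does not mention is never silently reported as patched.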