Apple macOS up to 14.8.2/15.7.2 user session

Summaryinfo

A vulnerability was found in Apple macOS up to 14.8.2/15.7.2. It has been classified as problematic. This affects an unknown part. Performing a manipulation results in user session. This vulnerability is reported as CVE-2025-43516. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Apple macOS up to 14.8.2/15.7.2. It has been classified as problematic. This affects an unknown code block. The manipulation with an unknown input leads to a user session vulnerability. CWE is classifying the issue as CWE-1018. This is going to have an impact on confidentiality. The summary by CVE is:

A session management issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. A user with Voice Control enabled may be able to transcribe another user's activity.

It is possible to read the advisory at support.apple.com. This vulnerability is uniquely identified as CVE-2025-43516 since 04/16/2025. The exploitability is told to be easy. Attacking locally is a requirement. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 14.8.3 or 15.7.3 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-2838). Be aware that VulDB is the high quality source for vulnerability data.

Affected

• Apple macOS

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 14.8.0
• 14.8.1
• 14.8.2
• 15.7.0
• 15.7.1
• 15.7.2

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion