CVE-2025-43387: A malicious app may be able to gain root privileges in Apple macOS
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. A malicious app may be able to gain root privileges.
AI Analysis
Technical Summary
CVE-2025-43387 is a permissions issue in Apple macOS that lets a malicious application already running on the machine escalate its privileges to root. Apple's advisory gives no component or mechanism beyond "a permissions issue was addressed with additional restrictions", so the specific system operation or resource that was insufficiently restricted is not public; the fix is described only as tightening those restrictions in macOS Sequoia 15.7.2. The entry names only the fixed release: which earlier Sequoia builds are affected, and whether other macOS release lines received a corresponding fix, is not stated on this page. Root privileges give an attacker unrestricted control of the system: arbitrary code execution, modification of system files, installation of persistent malware, and the ability to disable or bypass most security controls. No exploitation in the wild has been reported at the time of writing. The attack vector is local: no prior authentication is needed and no user interaction beyond getting the malicious app to run, so the hard part for an attacker is initial code execution (a trojanised installer, a phishing lure, a compromised software supply chain), after which this flaw turns an unprivileged foothold into full control. No CVSS score has been assigned, so severity has to be judged from impact and exploitability; the impact is to confidentiality, integrity and availability alike, since the attacker ends up with full system control. Apple's update should be applied promptly.
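As an added example (written for this page, not Apple's tooling or the page's own code), the following script classifies a macOS product-version string against the fixed release stated in the advisory. The threshold 15.7.2 comes from the advisory; treating any major version other than 15 as "not-covered" is a deliberate choice, because the page does not say whether other macOS lines received a fix. On a Mac it reads the installed version with sw_vers -productVersion; elsewhere it only exposes the classification function.

```python
"""Added example for CVE-2025-43387: classify a macOS version against the
advisory's fixed release. Illustration code, not Apple's tooling."""
import shutil
import subprocess

# From Apple's advisory: the issue is fixed in macOS Sequoia 15.7.2.
FIXED_SEQUOIA = (15, 7, 2)


def parse_version(text):
    """'15.7.1' -> (15, 7, 1); missing trailing fields are treated as 0."""
    fields = [int(p) for p in text.strip().split(".") if p]
    while len(fields) < 3:
        fields.append(0)
    return tuple(fields[:3])


def cve_2025_43387_status(product_version):
    """Return 'patched', 'vulnerable' or 'not-covered'.

    Only the Sequoia (15.x) line is classified, because the advisory
    names only that line. Other majors return 'not-covered' rather than
    guessing (assumption: they need a separate lookup against Apple's
    published security releases)."""
    v = parse_version(product_version)
    if v[0] != 15:
        return "not-covered"
    return "patched" if v >= FIXED_SEQUOIA else "vulnerable"


def installed_product_version():
    """Installed macOS version via sw_vers, or None when not on macOS."""
    if shutil.which("sw_vers") is None:
        return None
    out = subprocess.run(["sw_vers", "-productVersion"],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    installed = installed_product_version()
    if installed is None:
        print("sw_vers not found: not running on macOS")
    else:
        print(f"macOS {installed}: {cve_2025_43387_status(installed)}")
```

Run it on each host, or feed version strings exported from the MDM inventory into cve_2025_43387_status(); a host reported as vulnerable can be checked for the pending update with softwareupdate -l before deployment.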
Potential Impact
For European organizations this vulnerability poses a significant threat, especially in sectors that rely heavily on macOS: creative industries, software development, education and certain government agencies. Successful exploitation could lead to unauthorized access to sensitive data, disruption of business operations, installation of persistent malware and lateral movement within networks. Organizations handling personal data under GDPR face compliance exposure and reputational damage if a breach results. Root on modern macOS does not by itself defeat System Integrity Protection, but it is enough to read other users' files, install persistence such as launch daemons, and interfere with security tooling that is not locked down through MDM, which makes detection and remediation markedly harder. The exposure is greater for remote or hybrid workforces on macOS laptops, where an attacker needs only to get a user to run an untrusted binary. Critical infrastructure entities that use Apple devices for operational technology or administrative tasks could also be targeted, with potential effects on service availability and safety. The absence of known exploits provides a window for proactive patching and mitigation.
Mitigation Recommendations
European organizations should first verify the installed version on every Mac (sw_vers -productVersion, or the MDM inventory) and deploy macOS Sequoia 15.7.2 or later; Apple's entry names only that release, so Macs on other release lines should be checked against Apple's published security releases separately. Beyond patching, restrict execution of unauthorized software, at minimum by keeping Gatekeeper and notarization enforcement on and, where available, running an MDM-managed binary allow-listing agent. Tune endpoint detection and response (EDR) to the behaviours a local escalation produces, such as a process running as root whose parent is an unprivileged user process outside the usual sudo or authorization paths, root code executing from user-writable locations such as the home directory or /tmp, and newly created launch daemons or setuid binaries. Provision users as standard (non-admin) accounts and enforce least privilege so that a compromised app starts with as little as possible. Audit installed applications and system permissions regularly to catch suspicious changes. Segment networks so that root on one device does not translate into reach across the estate. Emphasize in user awareness training that running untrusted applications is exactly what this class of bug turns into full compromise. Finally, maintain tested, up-to-date backups to recover quickly in case of compromise.
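As an added example (illustration written for this page, not an EDR vendor's rule, and not tied to the unpublished mechanism of CVE-2025-43387), the following Python turns two of the behaviours listed above into a heuristic over process-exec telemetry: a root process spawned by a non-root parent that is not a known setuid broker, and root code executing from a user-writable path. The event fields and the sample events are constructed for the example, so real EDR or Endpoint Security output has to be mapped onto them; the broker set and the prefix list are assumptions to be adjusted to a fleet's own baseline.

```python
"""Added example: generic local-privilege-escalation heuristic over
process-exec events. Illustration code for this page, not a product rule."""
import json

# Binaries that legitimately start with euid 0 from a non-root parent
# because they are setuid-root on stock macOS (assumption: baseline this
# against the actual fleet).
KNOWN_SETUID_BROKERS = {
    "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/login", "/usr/bin/passwd",
}

# Paths a non-admin user can write to; root code running from here is
# suspicious (assumption: extend with site-specific locations).
USER_WRITABLE_PREFIXES = (
    "/Users/", "/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/",
)


def classify(event):
    """Return the rule names that fire for a single exec event."""
    findings = []
    exe = event["exe"]
    if event["euid"] == 0:
        # Rule 1: uid transition to root that did not go through a known
        # setuid broker. A sudo child has parent_euid 0, so it is not hit.
        if event["parent_euid"] != 0 and exe not in KNOWN_SETUID_BROKERS:
            findings.append("unexpected-uid-transition")
        # Rule 2: root executing a binary from a user-writable location.
        if exe.startswith(USER_WRITABLE_PREFIXES):
            findings.append("root-exec-from-user-writable-path")
    return findings


def scan(jsonl_text):
    """Run classify() over JSON-lines telemetry; return [(pid, exe, rule), ...]."""
    alerts = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for rule in classify(ev):
            alerts.append((ev["pid"], ev["exe"], rule))
    return alerts


# Constructed sample telemetry: one benign sudo session, one launchd
# daemon, one hypothetical installer that obtains root and drops a helper.
SAMPLE_EVENTS = """
{"pid": 501, "ppid": 400, "euid": 0, "parent_euid": 501, "exe": "/usr/bin/sudo", "parent_exe": "/bin/zsh"}
{"pid": 502, "ppid": 501, "euid": 0, "parent_euid": 0, "exe": "/bin/ls", "parent_exe": "/usr/bin/sudo"}
{"pid": 610, "ppid": 1, "euid": 0, "parent_euid": 0, "exe": "/usr/libexec/trustd", "parent_exe": "/sbin/launchd"}
{"pid": 777, "ppid": 700, "euid": 0, "parent_euid": 501, "exe": "/usr/bin/id", "parent_exe": "/Users/alice/Downloads/Installer.app/Contents/MacOS/Installer"}
{"pid": 778, "ppid": 777, "euid": 0, "parent_euid": 0, "exe": "/private/tmp/.helper", "parent_exe": "/usr/bin/id"}
{"pid": 800, "ppid": 400, "euid": 501, "parent_euid": 501, "exe": "/usr/bin/open", "parent_exe": "/bin/zsh"}
"""

if __name__ == "__main__":
    for pid, exe, rule in scan(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} exe={exe} rule={rule}")
```

The sudo exec (pid 501) passes because the binary is a known broker, and the command sudo runs (pid 502) passes because its parent already holds euid 0; only the installer's root child and the helper dropped in /private/tmp are flagged. Rule 1 on its own produces noise wherever in-house setuid helpers or authorization daemons exist, which is why the broker set must be baselined before the rule goes into production.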
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Switzerland, Norway, Denmark, Finland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2025-04-16T15:24:37.117Z
- CVSS Version: none assigned (null)
- State: PUBLISHED
Threat ID: 69095ba878d4f574c2a8f278
Added to database: 11/4/2025, 1:49:28 AM
Last enriched: 11/4/2025, 2:49:55 AM
Last updated: 11/4/2025, 8:24:25 AM