CVE-2025-43390 is a vulnerability identified in Intel-based Apple macOS systems, fixed in macOS Sequoia 15.7.2 and Tahoe 26.1. The root cause is a downgrade issue related to code-signing enforcement, which allows an application to circumvent enhanced code-signing restrictions implemented by Apple. This flaw enables a malicious or compromised app to access user-sensitive data that should otherwise be protected by the operating system's security mechanisms. The vulnerability is classified under CWE-347, indicating improper verification of cryptographic signatures. Exploitation requires local access and user interaction but no prior privileges, making it moderately accessible to attackers who can trick users into running a malicious app. The CVSS v3.1 score is 5.5 (medium), reflecting high confidentiality impact but no impact on integrity or availability. The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), and user interaction needed (UI:R). No known exploits have been reported in the wild as of the publication date. The vulnerability highlights the importance of strict code-signing enforcement to prevent unauthorized data access on macOS platforms.

For European organizations, this vulnerability poses a risk primarily to the confidentiality of sensitive user data on Intel-based macOS devices. Organizations with employees or systems running affected macOS versions could face data leakage if a malicious app is executed locally, potentially exposing personal information, credentials, or proprietary data. The impact is heightened in sectors with strict data protection requirements such as finance, healthcare, and government. Although exploitation requires user interaction, social engineering or phishing campaigns could facilitate this. The lack of impact on system integrity or availability limits the scope to data confidentiality breaches rather than system disruption. Given Apple's significant market share in certain European countries and the prevalence of macOS in professional environments, the vulnerability could be leveraged for targeted espionage or insider threat scenarios. However, the absence of known exploits reduces immediate risk, though organizations should not delay remediation.

1. Immediately update all Intel-based macOS systems to macOS Sequoia 15.7.2 or Tahoe 26.1 or later versions where the vulnerability is patched. 2. Enforce strict application whitelisting and code-signing policies using Apple’s built-in security frameworks such as Gatekeeper and System Integrity Protection (SIP). 3. Educate users about the risks of running untrusted applications and the importance of avoiding suspicious links or downloads that could trigger user interaction with malicious apps. 4. Monitor endpoint security logs for unusual application behavior or unauthorized attempts to access sensitive data. 5. Implement network segmentation and least privilege principles to limit the impact of any compromised local accounts. 6. Regularly audit installed applications and remove or block those that are unnecessary or unverified. 7. Employ endpoint detection and response (EDR) solutions capable of detecting anomalous local activity related to code-signing bypass attempts.