CVE-2025-43391 is a privacy vulnerability identified in Apple’s macOS and related operating systems, including iOS and iPadOS. The root cause is improper handling of temporary files, which allows an application to access sensitive user data that should be protected. Specifically, the vulnerability relates to how temporary files are managed and isolated, enabling an unprivileged app to read data it normally would not have access to. The affected versions include macOS Sequoia prior to 15.7.2, macOS Tahoe prior to 26.1, and macOS Sonoma prior to 14.8.2, as well as iOS and iPadOS versions before 26.1. The CVSS v3.1 base score is 5.5 (medium severity), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, high confidentiality impact, and no impact on integrity or availability. This means an attacker must have local access and trick the user into interaction, but no elevated privileges are needed. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information). No public exploits are known at this time, but the risk remains significant due to the potential for sensitive data leakage. The issue was addressed by Apple through improved temporary file handling in the specified patched OS versions.

For European organizations, this vulnerability poses a confidentiality risk where sensitive user data on Apple devices could be exposed to malicious local applications. This could lead to unauthorized disclosure of personal or corporate information, potentially violating data protection regulations such as GDPR. While the vulnerability does not affect system integrity or availability, the exposure of sensitive data could result in reputational damage, compliance penalties, and loss of trust. Organizations with employees using macOS, iOS, or iPadOS devices—especially in sectors handling sensitive or regulated data like finance, healthcare, and government—are at higher risk. The requirement for local access and user interaction limits remote exploitation but insider threats or social engineering attacks could leverage this vulnerability. The absence of known exploits reduces immediate risk but does not eliminate the threat, making proactive patching critical.

1. Apply the latest Apple security updates immediately: macOS Sequoia 15.7.2, Tahoe 26.1, Sonoma 14.8.2, iOS 26.1, and iPadOS 26.1 or later. 2. Restrict installation of untrusted or unnecessary applications to reduce the risk of malicious apps gaining local access. 3. Implement strict endpoint protection and application whitelisting on Apple devices to detect and block suspicious behavior. 4. Educate users about the risk of interacting with untrusted applications or links that could trigger exploitation. 5. Monitor local device logs and behaviors for unusual file access patterns or unauthorized attempts to read sensitive data. 6. Use Mobile Device Management (MDM) solutions to enforce security policies and ensure timely patch deployment across all managed Apple devices. 7. Limit local user privileges where possible to reduce the attack surface. 8. Conduct regular audits of installed applications and temporary file handling configurations to ensure compliance with security best practices.