CVE-2025-43408 is a vulnerability identified in Apple macOS that permits an attacker with physical access to a locked device to access the contacts list without authentication. The root cause lies in insufficient restrictions on the options available on the lock screen, which allowed unauthorized viewing of contact information. This vulnerability affects unspecified versions of macOS prior to the patched releases: Sequoia 15.7.2, Tahoe 26.1, and Sonoma 14.8.2. The vulnerability is classified under CWE-284 (Improper Access Control), indicating that the system failed to enforce proper access restrictions on sensitive data. The CVSS v3.1 base score is 2.4, reflecting a low severity primarily due to the requirement for physical access and the limited impact scope. The attack vector is physical (AV:P), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact affects confidentiality (C:L) only, with no impact on integrity or availability. No known exploits are currently in the wild. The vulnerability was addressed by Apple by restricting the options available on the lock screen to prevent unauthorized access to contacts. This fix reduces the attack surface by ensuring that sensitive contact data cannot be viewed without unlocking the device. Organizations using macOS devices should verify their versions and apply updates promptly to mitigate this risk. Additionally, physical security controls remain critical to prevent unauthorized physical access to devices.

The primary impact of CVE-2025-43408 is the unauthorized disclosure of contact information from a locked macOS device. For European organizations, this could lead to privacy violations, especially if contact data includes sensitive personal or business information. While the vulnerability does not allow modification or deletion of data, nor does it affect system availability, the exposure of contact lists could facilitate social engineering attacks, spear phishing, or other targeted intrusions. Organizations with macOS devices used in public-facing or shared environments are at higher risk. The requirement for physical access limits the threat to scenarios where devices are lost, stolen, or accessed in unsecured locations. In sectors with strict data protection regulations such as GDPR, even limited data exposure can have compliance implications and lead to reputational damage. Therefore, the impact is primarily on confidentiality and privacy, with indirect risks to organizational security posture through potential follow-on attacks.

1. Immediately update all macOS devices to the patched versions: Sequoia 15.7.2, Tahoe 26.1, or Sonoma 14.8.2 to ensure the vulnerability is remediated. 2. Enforce strict physical security policies to prevent unauthorized access to devices, including secure storage, access controls, and monitoring in shared or public spaces. 3. Implement device encryption and strong lock screen passcodes or biometric authentication to reduce the risk of unauthorized physical access. 4. Educate employees about the risks of leaving devices unattended and the importance of locking screens when not in use. 5. Regularly audit and inventory macOS devices to ensure compliance with patch management policies. 6. Consider deploying endpoint detection and response (EDR) solutions that can alert on suspicious physical access or device tampering. 7. Review and restrict lock screen functionalities where possible via configuration profiles or mobile device management (MDM) to minimize data exposure. 8. Maintain incident response plans that include procedures for lost or stolen devices to quickly mitigate potential data exposure.