CVE-2025-43408 is a security vulnerability identified in Apple macOS that permits an attacker with physical access to a locked device to retrieve contact information directly from the lock screen. The root cause is insufficient restriction of options presented on the lock screen, which inadvertently exposes sensitive contact data without requiring device authentication. This vulnerability compromises the confidentiality of user data, as contacts may contain personal and business-related information. Apple has released patches in macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 to address this issue by restricting the available options on locked devices, effectively preventing unauthorized access to contacts. The vulnerability does not require any user interaction beyond physical access, and no exploits have been reported in the wild to date. The affected versions are unspecified but presumably include versions prior to the patched releases. This vulnerability is particularly relevant for environments where macOS devices are used in sensitive contexts and where physical device security may be limited. The lack of a CVSS score necessitates an independent severity assessment based on impact and exploitability factors.

The primary impact of CVE-2025-43408 is the unauthorized disclosure of contact information from locked macOS devices, which can lead to privacy breaches and potential social engineering or targeted attacks. For European organizations, especially those handling sensitive or regulated data, this exposure could violate data protection regulations such as GDPR if personal data is leaked. The requirement for physical access limits the attack vector to scenarios involving device theft, loss, or insider threats. However, in sectors like government, finance, and critical infrastructure where macOS devices are prevalent, the risk is elevated due to the sensitivity of contact information. The vulnerability does not affect system integrity or availability but undermines confidentiality, potentially facilitating further attacks or espionage. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially if devices remain unpatched.

To mitigate CVE-2025-43408, European organizations should prioritize deploying the security updates macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 across all affected devices. Beyond patching, organizations should enforce strict physical security policies to prevent unauthorized access to devices, including secure storage, use of cable locks, and controlled access to workspaces. Enabling full disk encryption with FileVault and requiring strong authentication mechanisms can further reduce risk. Additionally, disabling or limiting lock screen features that expose sensitive information, such as contact previews or Siri access, can provide an extra layer of protection. Regular security awareness training should emphasize the risks of physical device access and the importance of reporting lost or stolen devices promptly. For high-risk environments, consider implementing mobile device management (MDM) solutions to enforce security policies and remotely wipe compromised devices.