CVE-2025-43542 is a security vulnerability identified in Apple macOS that affects the handling of password fields during remote control sessions conducted over FaceTime. The root cause is improper state management within the remote control feature, which can lead to password fields being unintentionally revealed to the remote controller or potentially other unauthorized parties. This means that when a user is remotely controlling a macOS device through FaceTime, password inputs that are normally masked or hidden may become visible, exposing sensitive credentials. The vulnerability was addressed and fixed in macOS Sequoia 15.7.3 by improving the state management logic to ensure password fields remain concealed during remote sessions. The affected versions are unspecified but include all versions prior to the patch release. There are no known exploits in the wild at this time, but the vulnerability poses a significant risk because it compromises confidentiality by exposing passwords. The attack vector requires remote control over FaceTime, implying that an attacker must have some level of access or social engineering capability to initiate such a session. The vulnerability does not require user interaction beyond the remote control session itself. Since no CVSS score is provided, severity assessment is based on the potential impact on confidentiality, the ease of exploitation during remote control, and the scope of affected systems running macOS with FaceTime remote control enabled.

For European organizations, this vulnerability could lead to unauthorized disclosure of passwords during remote support or collaboration sessions using FaceTime remote control on macOS devices. This exposure risks credential theft, unauthorized access to corporate systems, and potential lateral movement within networks. Organizations relying on macOS in IT support, remote administration, or teleworking environments are particularly vulnerable. Confidentiality breaches could result in data loss, compliance violations (e.g., GDPR), and reputational damage. The vulnerability could be exploited by insiders or external attackers who gain remote control privileges, making it a vector for targeted attacks or insider threats. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as the vulnerability is publicly disclosed. The impact on integrity and availability is minimal, but the confidentiality impact is significant. The scope includes all macOS devices using FaceTime remote control features, which are common in many European enterprises and public sector organizations.

1. Immediately update all macOS devices to macOS Sequoia 15.7.3 or later to apply the patch that fixes this vulnerability. 2. Restrict the use of FaceTime remote control features to trusted personnel only, and disable remote control capabilities where not strictly necessary. 3. Implement strict access controls and multi-factor authentication for initiating remote control sessions to reduce the risk of unauthorized access. 4. Educate users and IT support staff about the risks of exposing sensitive information during remote sessions and encourage vigilance. 5. Monitor remote control session logs and network traffic for unusual activity that could indicate exploitation attempts. 6. Consider alternative secure remote support tools with stronger security guarantees if FaceTime remote control is not essential. 7. Review and enforce policies on password entry and screen sharing during remote sessions to minimize exposure. 8. Coordinate with Apple support and security advisories for any further updates or mitigations.