A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/125634 | |
| https://support.apple.com/en-us/125635 | Patch Vendor Advisory |
| https://support.apple.com/en-us/125636 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Dec 2025, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| Summary | (en) A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data. |
05 Nov 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-347 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
04 Nov 2025, 16:58
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | |
| References | () https://support.apple.com/en-us/125635 - Patch, Vendor Advisory | |
| References | () https://support.apple.com/en-us/125636 - Patch, Vendor Advisory | |
| First Time |
Apple macos
Apple |
04 Nov 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CWE | CWE-200 |
04 Nov 2025, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-04 02:15
Updated : 2025-12-17 21:16
NVD link : CVE-2025-43468
Mitre link : CVE-2025-43468
CVE.ORG link : CVE-2025-43468
JSON object : View
Products Affected
apple
- macos
CWE
CWE-347
Improper Verification of Cryptographic Signature