- Description
- This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data.
- Source
- product-security@apple.com
- NVD status
- Modified
- Products
- macos
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-200
- Hype score
- Not currently trending
''CVE-2025-43530: Exploiting a private API for VoiceOver'' #infosec #pentest #redteam #blueteam https://t.co/IWmUn7NgTK
@CyberWarship
7 Mar 2026
1343 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
#VulnerabilityReport #accessibility New TCC Bypass (CVE-2025-43530) Exposes macOS to Unchecked Automation https://t.co/1B2M3LoURZ
@Komodosec
7 Feb 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
macOS TCC bajo ataque: CVE-2025-43530 permite eludir protecciones y acceder a datos sensibles. Actualiza a macOS 26.2 YA. #ciberseguridad #protecciónavanzada #riskmanagement #infosec #amenazasmodernas https://t.co/5k4drrzKbU
@trustlock_sec
15 Jan 2026
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
macOS: TCC ranjivost (CVE-2025-43530) https://t.co/TRQlRXa6rA #applesigurnost #bezbjednostsistema #cve202543530 #cybersecurity #dataleak #dijeljeniuređaji #kontrolapristupa #macosranjivost #securityupdate #systemtrust #tccsigurnost #tihazloupotreba #toctouattack
@SajberInfoBlog
10 Jan 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-43530: The Silent macOS TCC Bypass That Peeks at Your Data Without a Single Prompt Read the full report on - https://t.co/MymznHJKTM https://t.co/s1eVQA2x6o
@cyberbivash
6 Jan 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 macOS TCC Bypass (CVE-2025-43530) Lets Attackers Abuse VoiceOver “https://t.co/Pg0Pt5RrhT.scrod” to Access Protected Data A local attacker can exploit a flaw in VoiceOver’s ScreenReader.framework (`https://t.co/Pg0Pt5RrhT.scrod`) trust verification to bypass TCC and ex
@ThreatSynop
6 Jan 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New macOS TCC Bypass (CVE-2025-43530) Abuses VoiceOver ScreenReader Service to Steal Sensitive Data A flaw in macOS’s `https://t.co/Pg0Pt5RrhT.scrod` (ScreenReader/VoiceOver) trust verification lets attackers bypass TCC by exploiting file-path-based checks
@ThreatSynop
6 Jan 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-43530 disclosed in macOS TCC, enabling attackers to abuse the VoiceOver framework to bypass privacy controls and access microphone, camera, and other sensitive user data. #macOS https://t.co/WHD0pgdPiD
@threatcluster
6 Jan 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-43530: Exploiting a private API for VoiceOver [on macOS] https://t.co/f4DYitgVnD
@Dinosn
1 Jan 2026
1771 Impressions
2 Retweets
8 Likes
1 Bookmark
1 Reply
1 Quote
CVE-2025-43530: Exploiting a private API for VoiceOver - https://t.co/OgB9karddQ #Apple #cve #infosec #dfir
@Din3zh
31 Dec 2025
418 Impressions
0 Retweets
6 Likes
4 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E37DC2A-33E6-480B-8DFE-4F6558F0A895",
"versionEndExcluding": "14.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3428C860-E02D-4FE9-96F4-58EEAAB8321D",
"versionEndExcluding": "15.7.3",
"versionStartIncluding": "15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]