CVE-2025-46282 — Improper Access Control in Apple Macos

CWE-284 — Improper Access Control6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 97.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Safari

Timeline

PublishedDec 17

Description

The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. An app may be able to access sensitive user data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5apple/macos< 26.2

▶NVDapple/macos< 26.2

▶CVEListV5apple/safari< 26.2

▶NVDapple/safari< 26.2

🔴Vulnerability Details

CVEList

CVE-2025-46282: The issue was addressed with additional permissions checks↗2025-12-17

▶

GHSA

GHSA-59j9-9vvv-34jx: The issue was addressed with additional permissions checks↗2025-12-17

▶

📋Vendor Advisories

Apple

CVE-2025-46282: macOS Tahoe 26.2↗2025-12-12

▶

Apple

CVE-2025-46282: Safari 26.2↗2025-12-12

▶

🕵️Threat Intelligence

Wiz

CVE-2025-46282 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶