Primary

Context

Apple macOS CoreMedia Race Condition Vulnerability Allowing Unauthorized Access to Sensitive User Data

Vulnerability

Patched

A race condition vulnerability has been identified in the CoreMedia component of Apple macOS. This issue allows an application to potentially access sensitive user data without proper authorization. The vulnerability arises from inadequate state management, creating a timing issue that could be exploited to bypass data access restrictions. This race condition has been addressed in both macOS Sequoia 15.7 and macOS Tahoe 26.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data by applications.

Added: Sep 16, 2025, 12:36 AM

Updated: Sep 16, 2025, 12:36 AM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

2.9

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

2.9

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple macOS CoreMedia Race Condition Vulnerability Allowing Unauthorized Access to Sensitive User Data

Vulnerability

Impact

Affected Products

Apple macOS Sequoia

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating