CVE-2025-43410

// CVE-2025-43410 PoC Concept // Note: This is a conceptual PoC for educational purposes only // Physical access to the target machine is required /* import Foundation class NotesCacheExploit { func accessDeletedNotes() -> [String] { // Access Notes application cache directory let cachePath = "~/Library/Group Containers/group.com.apple.notes/" // Read cached notes data that should have been deleted let fileManager = FileManager.default if let cacheFiles = try? fileManager.contentsOfDirectory(atPath: cachePath) { var deletedNotes: [String] = [] for file in cacheFiles { if file.hasSuffix(".sqlite") || file.contains("NoteStore") { // Read SQLite database containing cached notes let fullPath = (cachePath as NSString).appendingPathComponent(file) // Parse database to extract deleted notes content deletedNotes.append(contentsOf: extractNotesFromDB(fullPath)) } } return deletedNotes } return [] } private func extractNotesFromDB(_ path: String) -> [String] { // Implementation would involve SQLite database parsing // to extract notes marked as deleted but still present in cache return [] } } // This vulnerability allows viewing of deleted notes through cache access // Fixed in: macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2 */

{"cve": {"id": "CVE-2025-43410", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:54.110", "lastModified": "2026-04-02T19:20:41.590", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.4, "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-524"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.8.2", "matchCriteriaId": "84A2783A-5B53-4DAB-80C4-8D62E332802A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.2", "matchCriteriaId": "4BE8199E-63D1-496C-B107-52853CFC2311"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125635", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125636", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]"}]}}