CVE-2025-43408
📋 TL;DR
This vulnerability allows attackers with physical access to a locked macOS device to access contacts from the lock screen. It affects macOS users running vulnerable versions who haven't updated to the patched releases. The issue was addressed by restricting options offered on locked devices.
💻 Affected Systems
- macOS
📦 What is this software?
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical access could extract contact information including names, phone numbers, and email addresses from a locked device, potentially enabling social engineering or targeted attacks.
Likely Case
An opportunistic attacker with brief physical access could view contact details from a locked device, compromising personal or business contact information.
If Mitigated
With proper physical security controls and updated software, the risk is minimal as the vulnerability requires physical device access.
🎯 Exploit Status
Exploitation requires physical access to the locked device. No authentication bypass needed as the device is already in a locked state.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2
Vendor Advisory: https://support.apple.com/en-us/125634
Restart Required: Yes
Instructions:
1. Open System Settings. 2. Click General. 3. Click Software Update. 4. Install available updates. 5. Restart when prompted.
🔧 Temporary Workarounds
Enable Stronger Lock Screen Security
allConfigure device to require password immediately after sleep or screen saver begins
System Settings > Lock Screen > Require password: Immediately
Disable Lock Screen Widgets
allRemove or disable widgets from lock screen to reduce attack surface
System Settings > Lock Screen > Disable 'Show Widgets'
🧯 If You Can't Patch
- Implement strict physical security controls for unattended devices
- Enable Find My Mac remote lock/wipe capabilities for lost/stolen devices
🔍 How to Verify
Check if Vulnerable:
Check macOS version in System Settings > General > About. If version is earlier than Sequoia 15.7.2, Tahoe 26.1, or Sonoma 14.8.2, the device is vulnerable.Check Version:
sw_versVerify Fix Applied:
Verify macOS version is Sequoia 15.7.2, Tahoe 26.1, or Sonoma 14.8.2 or later in System Settings > General > About.📡 Detection & Monitoring
Log Indicators:
- Unusual lock screen interactions or failed unlock attempts
Network Indicators:
- None - this is a local physical access vulnerability
SIEM Query:
source="macOS" event_type="lock_screen" action="access_contacts"