CVE-2025-43516
📋 TL;DR
A session management vulnerability in macOS Voice Control allows users with Voice Control enabled to potentially transcribe another user's activity. This affects macOS Tahoe, Sequoia, and Sonoma users who have Voice Control enabled. The issue involves improper isolation between user sessions when Voice Control is active.
💻 Affected Systems
- macOS
📦 What is this software?
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
An attacker with Voice Control enabled could capture and transcribe sensitive information from another user's session, potentially exposing confidential data, passwords, or private communications.
Likely Case
Inadvertent or accidental transcription of another user's activity in shared device scenarios, leading to privacy violations and information disclosure.
If Mitigated
Limited to users with Voice Control enabled on affected macOS versions; impact is contained to local device access scenarios.
🎯 Exploit Status
Requires Voice Control to be enabled and access to the affected device. Exploitation likely requires local access or remote control of the device.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3
Vendor Advisory: https://support.apple.com/en-us/125886
Restart Required: Yes
Instructions:
1. Open System Settings > General > Software Update. 2. Install available updates for your macOS version. 3. Restart your Mac when prompted.
🔧 Temporary Workarounds
Disable Voice Control
allTemporarily disable Voice Control accessibility feature until patching is complete
System Settings > Accessibility > Voice Control > Turn Off
🧯 If You Can't Patch
- Disable Voice Control in System Settings > Accessibility
- Implement strict user separation policies and avoid shared device usage
🔍 How to Verify
Check if Vulnerable:
Check macOS version in System Settings > General > About. If version is earlier than Tahoe 26.2, Sequoia 15.7.3, or Sonoma 14.8.3, and Voice Control is enabled, the system is vulnerable.Check Version:
sw_versVerify Fix Applied:
Verify macOS version is Tahoe 26.2, Sequoia 15.7.3, or Sonoma 14.8.3 or later in System Settings > General > About.📡 Detection & Monitoring
Log Indicators:
- Unusual Voice Control activation patterns
- Multiple user sessions with Voice Control enabled simultaneously
Network Indicators:
- Local session activity that doesn't match expected user behavior
SIEM Query:
source="macOS" event_type="accessibility" feature="Voice Control" user_change=true