ZDI 2026-03-30

ZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability

CVE-2026-20695

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires a local attacker with low-privileged code execution to disclose sensitive information. It affects Apple macOS installations with a CVSS rating of 3.8.

Context

This vulnerability affects Apple macOS installations and involves exposure of sensitive information to unauthorized actors. The advisory describes an information disclosure vulnerability that requires local access and low-privileged code execution to exploit. The advisory notes the vulnerability is assigned CVE-2026-20695.

Operator considerations

The source does not provide enough basis for specific operator guidance beyond general system hardening practices.

From Zero Day Initiative ↗

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.8. The following CVEs are assigned: CVE-2026-20695.

Read the full advisory on ZDI →