Apple’s accessibility framework has been found vulnerable to a critical Transparency, Consent, and Control (TCC) bypass that exposes sensitive user data and enables arbitrary AppleScript execution.
Researchers have disclosed CVE-2025-43530, a vulnerability in the ScreenReader.framework. The framework’s MIG service permits attackers to execute unauthorized AppleScript commands and send AppleEvents to protected processes without user consent.
The vulnerability resides in the private API within ScreenReader.framework, specifically the com.apple.scrod MIG service launched from system configuration files.
The flaw exists in the trust validation mechanism employed by the service routine __SCROXGetValueForKeyWithObject, which determines whether an XPC client can execute privileged operations.
The implementation contains two critical security issues that undermine TCC protections.
First, the trust check accepts any Apple-signed process as trusted.
Attackers can inject malicious code into Apple-signed executables such as /usr/libexec/ssh-apple-pkcs11 without requiring root privileges.
This injection technique bypasses signature verification, allowing attackers to masquerade as trusted system processes.
Second, the service authenticates clients using the SecStaticCodeCreateWithPath API rather than the client’s audit token.
This approach introduces a time-of-check to time-of-use (TOCTOU) window, allowing attackers to change the process identity between validation and execution.
Successful exploitation enables attackers to execute arbitrary AppleScript files and dispatch AppleEvents to any target process, including Finder.
This completely circumvents TCC protections that normally prevent unauthorized access to sensitive user data, documents, and system functionality.
The attack requires only local access, not elevated privileges, making it a significant risk for multi-user systems.
Researchers note that at least nine additional MIG service routines share the same vulnerable trust-checking logic, potentially creating similar exploitation paths.
Affected services include __XRegisterWithServer, __XSendEvent, and __XPerformAction, as reported by Jhftss on GitHub.
Apple patched the vulnerability in macOS 26.2 by restricting trust to processes explicitly holding the “com.apple.private.accessibility.scrod” entitlement.
The updated validation now uses the client’s audit token rather than static code path verification, eliminating the TOCTOU window.
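The two trust-check designs the article contrasts, as an added example that is neither Apple's code nor taken from the disclosure: the path-based static check with an "anchor apple" requirement, and the audit-token check that evaluates the live process and requires the entitlement named above. It assumes the service obtains the client's audit_token_t from the Mach message trailer (MACH_RCV_TRAILER_AUDIT); the helper names, the requirement strings and the hypothetical MIG routine body are this example's own.

```objective-c
// Added illustration (not Apple's code, not from the disclosure) of the
// vulnerable and the hardened trust-check patterns described in the article.
// Assumptions: the client's audit_token_t comes from the Mach message trailer
// (MACH_RCV_TRAILER_AUDIT); helper names and requirement strings are ours.
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>
#include <bsm/libbsm.h>
#include <mach/mach.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Pattern the advisory describes as vulnerable: resolve the client to a
 * filesystem path and validate the bytes on disk against "anchor apple".
 *  - "anchor apple" is satisfied by every Apple-signed binary, so a process
 *    that has injected code into such a binary still passes.
 *  - A path is checked, not the live process, so what was validated and what
 *    actually sent the message can differ (TOCTOU). */
static bool weak_path_is_trusted(const char *client_path) {
    bool ok = false;
    SecStaticCodeRef code = NULL;
    SecRequirementRef req = NULL;
    CFURLRef url = CFURLCreateFromFileSystemRepresentation(
        kCFAllocatorDefault, (const UInt8 *)client_path, strlen(client_path), false);
    if (url &&
        SecStaticCodeCreateWithPath(url, kSecCSDefaultFlags, &code) == errSecSuccess &&
        SecRequirementCreateWithString(CFSTR("anchor apple"), kSecCSDefaultFlags, &req) == errSecSuccess) {
        ok = SecStaticCodeCheckValidityWithErrors(code, kSecCSDefaultFlags, req, NULL) == errSecSuccess;
    }
    if (req) CFRelease(req);
    if (code) CFRelease(code);
    if (url) CFRelease(url);
    return ok;
}

/* Hardened pattern matching the fix the article describes: resolve the
 * kernel-supplied audit token to the running process and require the specific
 * private entitlement, not merely an Apple signature. */
static bool audit_token_is_trusted(audit_token_t token) {
    bool ok = false;
    SecCodeRef code = NULL;
    SecRequirementRef req = NULL;
    CFDataRef token_data = CFDataCreate(kCFAllocatorDefault, (const UInt8 *)&token, sizeof(token));
    const void *keys[] = { kSecGuestAttributeAudit };
    const void *vals[] = { token_data };
    CFDictionaryRef attrs = CFDictionaryCreate(kCFAllocatorDefault, keys, vals, 1,
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    /* Requirement: Apple-signed AND carrying the scrod entitlement named in the article. */
    CFStringRef requirement = CFSTR(
        "anchor apple and entitlement[\"com.apple.private.accessibility.scrod\"] exists");
    if (SecCodeCopyGuestWithAttributes(NULL, attrs, kSecCSDefaultFlags, &code) == errSecSuccess &&
        SecRequirementCreateWithString(requirement, kSecCSDefaultFlags, &req) == errSecSuccess) {
        /* Dynamic validity check: evaluates the live process, not a path on disk. */
        ok = SecCodeCheckValidityWithErrors(code, kSecCSDefaultFlags, req, NULL) == errSecSuccess;
    }
    if (req) CFRelease(req);
    if (code) CFRelease(code);
    if (attrs) CFRelease(attrs);
    if (token_data) CFRelease(token_data);
    return ok;
}

/* Hypothetical MIG routine body: gate the privileged operation on the
 * audit-token check before anything that runs AppleScript or dispatches
 * AppleEvents on the caller's behalf. */
static kern_return_t handle_privileged_request(audit_token_t client) {
    if (!audit_token_is_trusted(client)) {
        fprintf(stderr, "scrod-like service: rejecting pid %d (not entitled)\n",
                audit_token_to_pid(client));
        return KERN_NO_ACCESS;
    }
    /* ... perform the privileged operation for an entitled caller here ... */
    return KERN_SUCCESS;
}
```

The difference worth internalizing is the identity being checked: weak_path_is_trusted answers "is there an Apple-signed file at this path", which says nothing about who is speaking to the service now, whereas audit_token_is_trusted asks the kernel which process sent the message and validates that process against a requirement only the intended client can satisfy. When auditing your own XPC or MIG services, any trust decision derived from a pid-to-path lookup or from a bare "anchor apple" requirement deserves the same scrutiny.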