TCC Bypass vulnerabilities in six applications for macOS
ID: 9c6d2227-64ab-512a-b0a1-efb7caae4848
STIX ID: report--9c6d2227-64ab-512a-b0a1-efb7caae4848
Feed Name: CERT Polska
A CERT Polska coordinated disclosure reports multiple macOS application vulnerabilities (CVE-2025-8672, CVE-2025-53811, CVE-2025-9190, CVE-2025-53813, CVE-2025-8597, CVE-2025-8700) affecting GIMP, Mosh‑Pro, Cursor, Nozbe, MacVim and Invoice Ninja. In these applications, bundled interpreters, configuration options or the com.apple.security.get-task-allow entitlement can allow a local unprivileged attacker to inherit TCC permissions or attach debuggers and inject code to access privacy-protected data. Some issues have been patched, while others remain unpatched or rejected by maintainers.
