Sandbox Escape Vulnerability in Apple Operating Systems
CVE-2025-24173

7.8HIGH

Key Information:

Vendor: Apple
Status: TV OS; iOS And iPad OS; iPad OS; Mac OS
Vendor: CVE Published:; 31 March 2025

Summary

A vulnerability has been identified that allows an application to potentially escape its sandbox environment, which could lead to unauthorized access to sensitive data and functions in the operating system. Apple has addressed this issue by implementing additional entitlement checks in several versions of its operating systems including visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. Users are encouraged to update their devices to mitigate the risk associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

References

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122372

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 17, 2025