Sequoia File Integrity Issue

MEDIUM (5.5) No Patch (42 days)
cwe-347applefile-integritysensitive-data-accesssequoiasymlinks

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 0%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

macOS Sequoia is a version of macOS that uses the AppleMobileFileIntegrity framework to manage file system integrity. This vulnerability affects how the framework handles symlinks, allowing an attacker to access sensitive user data by manipulating these links.

Am I affected?

This issue affects macOS Sequoia versions 2025 through 43322. To check if you're affected, run the following command:

xcrun -sdk macosx --show-sdk-version

Note: This is not a direct check for the vulnerability, but rather to verify that your system is running a compatible version of macOS Sequoia.

Affected Products

Apple Inc. / macOS Sequoia

How to fix

To fix this issue, you can upgrade to macOS Sonoma 14.8.2 or later. Alternatively, you can apply immediate mitigations:

  1. Run xcrun -sdk macosx --show-sdk-version to verify your system version.
  2. If you're using a compatible version of macOS Sequoia, you don't need to take any further action.

References