macOS Sandbox Escape Vulnerability

MEDIUM (5.2) No Patch (42 days)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 2%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

This vulnerability allows an app to break out of its sandbox and access user-sensitive data. macOS uses a sandboxing mechanism to isolate apps from each other and the system. However, if an app can manipulate the file integrity of its own files, it may be able to bypass this isolation.

Am I affected?

You're affected if you use macOS Sequoia 15.7.2 or later versions.

Affected versions: 2025 through 43322.

Check with:

  xcrun --sdk macos --find /System/Library/PrivateFrameworks/AppleMobileFileIntegrity.framework/Versions/A 2>/dev/null

Note that this vulnerability is specific to macOS and does not affect other operating systems.

Affected Products

Apple Inc. / macOS

How to fix

  1. Upgrade to macOS Sequoia 15.7.3 or later: https://support.apple.com/en-us/HT201222
  2. Immediate mitigations:
     - Restrict network access to your Mac (firewall it from the public internet)
     - Audit app activity for suspicious access patterns
     - Monitor for unauthorized file modifications

References