Impact
The flaw originates from insecure handling of application state, allowing an app to escape its sandbox environment and gain elevated privileges on the device. An attacker controlling or influencing the affected application could access restricted system resources, files, or services that lie outside the app’s sandbox, potentially compromising user data and privacy. This creates a serious privilege escalation risk on the host operating system, exceeding the intended boundaries of the software.
Affected Systems
Apple’s mobile and desktop operating systems are affected. Vulnerable versions include iOS before 18.4, iPadOS before 18.4 and 17.7.6, macOS Sequoia before 15.4, macOS Sonoma before 14.7.5, macOS Ventura before 13.7.5, tvOS before 18.4, and watchOS before 11.4. Devices running these versions remain susceptible until patched.
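The version list above is branch-specific (iPadOS and macOS have fixes on more than one major release), so a plain "less than 18.4" comparison misclassifies devices. The following is an added example, not part of the original advisory, that triages a device inventory against those fixed releases. The host names and sample inventory are constructed, and treating later major releases as patched is an assumption.

```python
# Added example: fixed releases transcribed from the "Affected Systems" text.
# Keys are major-version branches; values are the first fixed release in each.
FIXED = {
    "iOS": {18: "18.4"},
    "iPadOS": {18: "18.4", 17: "17.7.6"},
    "macOS": {15: "15.4", 14: "14.7.5", 13: "13.7.5"},
    "tvOS": {18: "18.4"},
    "watchOS": {11: "11.4"},
}

def parse(version):
    """Turn '17.7.6' into (17, 7, 6), padding short versions with zeros."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def status(os_name, version):
    """Return 'patched', 'vulnerable' or 'unlisted' for one device."""
    branches = FIXED.get(os_name)
    if branches is None:
        return "unlisted"
    v = parse(version)
    major = v[0]
    if major in branches:
        return "patched" if v >= parse(branches[major]) else "vulnerable"
    if major > max(branches):
        return "patched"  # assumption: later major releases carry the fix
    if os_name == "macOS":
        return "unlisted"  # only Ventura, Sonoma and Sequoia are named
    return "vulnerable"  # older than every fixed release listed for this OS

def triage(inventory):
    """Return (host, os, version, status) for every device not known patched."""
    rows = [(h, o, v, status(o, v)) for h, o, v in inventory]
    return [r for r in rows if r[3] != "patched"]

# Constructed sample inventory (hypothetical host names).
SAMPLE = [
    ("ipad-lab-01", "iPadOS", "17.7.6"),
    ("ipad-lab-02", "iPadOS", "18.3.2"),
    ("iphone-07", "iOS", "17.7.6"),
    ("mac-build-1", "macOS", "14.7.5"),
    ("mac-build-2", "macOS", "12.7.6"),
    ("watch-03", "watchOS", "11.4"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

Devices reported as "unlisted" run a release the advisory text does not name and need a manual check against the vendor's own bulletin.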
Risk and Exploitability
The CVSS base score of 9.8 indicates critical severity, while the EPSS figure under 1% denotes a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog, which suggests no publicly known exploits in widespread use. The most likely attack vector is the execution of a malicious or compromised application on the device; an adversary must have the ability to install or run code within the target environment, which could be achieved via legitimate app supply chains or through user trickery. Exploitation requires no special privileges beyond the application itself, making the flaw potentially actionable once the affected OS is targeted by a hostile actor.