Impact
A flaw in Apple’s operating systems stems from insecure handling of application state, allowing a well‑targeted app to escape the sandbox in which it runs. By taking advantage of this state‑management issue, an attacker could gain access to system resources beyond the app’s authorized boundaries, potentially reading or modifying sensitive data and services. The impact is a clear privilege escalation, elevating a malicious application’s capabilities to those of the operating system.
Affected Systems
Apple’s iOS and iPadOS devices running versions older than iOS 18.4 and iPadOS 18.4 (or iPadOS 17.7.6), macOS operating systems before Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5, tvOS prior to 18.4, and watchOS before 11.4 remain susceptible.
Risk and Exploitability
The vulnerability has a CVSS base score of 9.8, signifying critical severity, while an EPSS score of 1% indicates a very low but non‑zero exploitation probability. It is not listed in CISA’s KEV catalog, suggesting no widely known exploits yet. Most likely, the attack vector is the execution of a malicious or compromised application on the device, either through a normal app download or social‑engineering tactics. The flaw can be exploited from the application level without requiring additional privileges, making the risk actionable once the affected OS version is reached.
OpenCVE Enrichment
EUVD