Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
Published: 2026-06-11
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An application may bypass launch constraint protections, enabling it to execute malicious code with elevated privileges. The vulnerability allows a local user or application-level attacker to gain higher privileges than intended, potentially compromising system integrity and confidentiality. The weakness involves improper enforcement of launch constraints, a typical scenario for privilege escalation weaknesses.

Affected Systems

Apple macOS systems are affected, with the flaw addressed in macOS Sequoia 15.4. Versions of macOS prior to Sequoia 15.4 are potentially vulnerable, although specific sub-versions are not enumerated in the available data.

Risk and Exploitability

The CVSS score is 7.8, but the EPSS score is unavailable. The vulnerability is not listed in the CISA KEV catalog. While the exact attack vector is not explicit, based on the description it is inferred that an attacker must run or influence a local application to exploit the flaw. The risk is significant because successful exploitation would grant elevated privileges, but the likelihood of exploitation cannot be quantified without EPSS data. The vulnerability remains a notable local privilege escalation risk for affected macOS installations.

Generated by OpenCVE AI on June 12, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sequoia 15.4 or later, which contains the fix
  • Prevent the execution of the vulnerable or potentially malicious application by removing it or restricting its launch permissions
  • Apply any additional macOS security updates that may further harden launch constraint enforcement

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Launch Constraint Bypass in macOS Sequoia

Thu, 11 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Bypass of Launch Constraint Protections in macOS
Weaknesses CWE-732

Thu, 11 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Bypass of Launch Constraint Protections in macOS
Weaknesses CWE-732

Thu, 11 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T19:39:39.825Z

Reserved: 2025-03-27T16:13:58.343Z

Link: CVE-2025-31272

Vulnrichment

Updated: 2026-06-11T19:21:09.995Z

NVD

Status: Undergoing Analysis

Published: 2026-06-11T19:16:27.567

Modified: 2026-06-11T20:51:53.840

Link: CVE-2025-31272

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T00:30:07Z

Weaknesses
  • CWE-269

    Improper Privilege Management