Impact
A macOS application may exploit improper handling of symbolic links to read files outside its prescribed directories, exposing protected user data. The flaw, present before macOS Sequoia 15.4, stems from the operating system not validating symlink targets before allowing them to be followed, thereby letting an app bypass normal access restrictions.
Affected Systems
Apple macOS operating system versions prior to Sequoia 15.4 are affected. The issue is resolved in macOS Sequoia 15.4 and later releases.
Risk and Exploitability
The CVSS score is 5.5 and the EPSS score is less than 1%, indicating a low likelihood of exploitation. It is not listed in the CISA KEV catalog. The vulnerability requires a local application that can create or access symlinks, suggesting that an attacker with user-level privileges could potentially leverage the flaw to read protected files if such functionality is permitted.
OpenCVE Enrichment