Description
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.
Published: 2025-12-12
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox Escape
Action: Update macOS
AI Analysis

Impact

The vulnerability is a permissions flaw that lets an application escape the sandbox imposed by macOS and gain unauthorized access to system resources. It is classified as CWE-284 (Improper Access Control). Because the sandbox is designed to isolate applications, an escape could let an attacker read or modify data outside the application’s allowed scope, potentially compromising user data and system integrity.

Affected Systems

Apple macOS users are affected. Versions of macOS Tahoe released before the 26.1 update contain the flaw; the fix is included in macOS Tahoe 26.1 and later releases. The CPE recorded for this entry, cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*, matches macOS generally rather than a specific version range.

Risk and Exploitability

The CVSS score of 5.2 indicates moderate severity, while the EPSS score of less than 1% signifies a very low, yet non-zero, likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely need local or application-level access to exploit the sandbox escape, consistent with the CVSS vector's local attack vector (AV:L) and low privileges required (PR:L): the attacker must already be able to run code on the machine.

Generated by OpenCVE AI on April 27, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS 26.1 update or later to remove the sandbox permissions flaw.
  • Use System Preferences to restrict applications to those from the App Store or identified developers, reducing the chance of executing malicious software that could attempt a sandbox escape.
  • Enable and review the built‑in System Integrity Protection and Gatekeeper settings to ensure only trusted binaries can run on the system.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title macOS Sandbox Permissions Leak Allowing Application Escape

Mon, 15 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics
  cvssV3_1: {'score': 5.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared
  Apple
  Apple macos
  Apple macos Tahoe
Vendors & Products
  Apple
  Apple macos
  Apple macos Tahoe

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:29.683Z

Reserved: 2025-04-16T15:24:37.118Z

Link: CVE-2025-43393

Vulnrichment

Updated: 2025-12-15T19:58:51.842Z

NVD

Status: Analyzed

Published: 2025-12-12T21:15:53.713

Modified: 2025-12-15T22:03:07.093

Link: CVE-2025-43393

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T22:45:15Z

Weaknesses