Description
This issue was addressed with improved entitlements. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.
Published: 2025-11-04
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox Escape
Action: Apply Patch
AI Analysis

Impact

A flaw in entitlement handling permits an application to escape its sandbox, enabling unauthorized access to protected data or system resources, consistent with CWE‑284. The vulnerability can allow an app to gain elevated privileges beyond its intended boundaries.

Affected Systems

Apple iOS and iPadOS, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, and visionOS 26.1. The affected operating systems are iOS 26.1 and iPadOS 26.1, together with the specified macOS, tvOS, and visionOS releases.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while an EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, implying no widespread active exploitation. The likely attack vector is a local privilege escalation through a malicious or vulnerable application that mis‑uses entitlement checks; an attacker could create or modify an app to trigger the entitlement bypass and escape the sandbox. Because of the moderate exploitability and the lack of current exploitation reports, this risk is considered significant but presently unlikely to be widely deployed.

Generated by OpenCVE AI on April 27, 2026 at 23:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest released OS versions that include the entitlement fix.
  • Temporarily restrict or uninstall applications that depend on the vulnerable entitlements until the OS update is applied.
  • Continuously monitor for abnormal sandbox behavior and validate application entitlements for unexpected privilege elevation.

Generated by OpenCVE AI on April 27, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Title Sandbox Escape via Improper Entitlement Enforcement

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved entitlements. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to break out of its sandbox. This issue was addressed with improved entitlements. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to break out of its sandbox. This issue was addressed with improved entitlements. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to break out of its sandbox.
References

Wed, 05 Nov 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Tue, 04 Nov 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple tvos
Apple visionos
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple tvos
Apple visionos

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to break out of its sandbox.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sequoia Tvos Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:42.719Z

Reserved: 2025-04-16T15:24:37.121Z

Link: CVE-2025-43407

cve-icon Vulnrichment

Updated: 2025-11-04T18:06:55.793Z

cve-icon NVD

Status : Modified

Published: 2025-11-04T02:15:47.120

Modified: 2026-04-02T19:20:41.103

Link: CVE-2025-43407

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T23:15:06Z

Weaknesses