Description
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.
Published: 2025-11-04
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox Escape
Action: Immediate Patch
AI Analysis

Impact

A file quarantine bypass was reported that allows a process to evade macOS quarantine checks. The vulnerability permits an application to break out of its sandbox, granting it elevated privileges. The weakness is an access‑control flaw (CWE‑284).

Affected Systems

Apple macOS products are affected, specifically all releases prior to macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1. The fix was included in those versions.

Risk and Exploitability

The CVSS score is 6.3, indicating moderate risk. The EPSS score of less than 1 % suggests a low probability of exploitation in the wild. The vulnerability is not yet listed in the CISA KEV catalog. The attack vector is likely local and requires a malicious or compromised application to exploit, inferred from the description that an app may break out of its sandbox. Exploitation would let the app bypass security boundaries and potentially execute arbitrary code with elevated privileges.

Generated by OpenCVE AI on April 22, 2026 at 21:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS updates that include macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.1 or later.
  • Verify that Gatekeeper is enabled and set to “App Store and identified developers” to enforce quarantine checks.
  • Monitor the system for unexpected file quarantine bypass attempts and limit the installation of non‑signed or untrusted applications.

Generated by OpenCVE AI on April 22, 2026 at 21:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
Title File Quarantine Bypass Allowing Sandbox Escape on macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to break out of its sandbox. A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to break out of its sandbox. A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to break out of its sandbox.
References

Wed, 05 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

 cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L'}

Tue, 04 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 04 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to break out of its sandbox.
References

Subscriptions

Apple Macos Macos Sequoia Macos Sonoma
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:15.464Z

Reserved: 2025-04-16T15:24:37.121Z

Link: CVE-2025-43412

cve-icon Vulnrichment

Updated: 2025-11-04T16:32:04.719Z

cve-icon NVD

Status : Modified

Published: 2025-11-04T02:15:47.503

Modified: 2026-04-02T19:20:41.920

Link: CVE-2025-43412

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T22:00:18Z

Weaknesses