Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.
Published: 2026-02-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A logic flaw in the sandbox enforcement can allow a malicious or compromised application to break out of its confined environment, thereby gaining unauthorized access to system resources and data. The vulnerability is a missing security check issue, classified as CWE-693, and can lead to elevated privileges that compromise system integrity.

Affected Systems

Apple iOS, iPadOS, macOS Sequoia, macOS Sonoma, macOS Tahoe, and watchOS are affected. The issue is fixed in iOS 26.3, iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, and watchOS 26.3.

Risk and Exploitability

The CVSS score of 8.8 marks this as a high-severity vulnerability, while the EPSS score of less than 1% indicates a low estimated probability of exploitation. An attacker would need a malicious or vulnerable application to run on the device; the attack vector is inferred from the description to be local. Because the vulnerability enables privilege escalation, the potential impact on confidentiality, integrity, and availability is substantial, necessitating urgent remediation.

Generated by OpenCVE AI on April 16, 2026 at 01:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the OS update for each platform: iOS 26.3, iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, or watchOS 26.3.
  • Verify that all installed applications come from trusted developers and show no known malicious activity.
  • Configure device or network restrictions to limit the execution of untrusted apps, such as enabling App Store and Gatekeeper safeguards.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 01:30:00 +0000

Type | Values Removed | Values Added
Title | | Sandbox Enforcement Logic Flaw Allowing Application Breakout

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox. | A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.

Fri, 13 Feb 2026 20:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-693

Thu, 12 Feb 2026 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple ipados, Apple iphone Os
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products | | Apple ipados, Apple iphone Os
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Thu, 12 Feb 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple, Apple ios And Ipados, Apple macos, Apple watchos
Vendors & Products | | Apple, Apple ios And Ipados, Apple macos, Apple watchos

Wed, 11 Feb 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:08:57.940Z

Reserved: 2025-11-11T14:43:07.866Z

Link: CVE-2026-20667

Vulnrichment

No data.

NVD

Status: Modified

Published: 2026-02-11T23:16:09.113

Modified: 2026-04-02T19:21:20.170

Link: CVE-2026-20667

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T01:15:20Z

Weaknesses