Impact
A maliciously crafted disk image can circumvent the Gatekeeper mechanism that normally restricts the execution of files from untrusted sources. When the quarantine bypass is applied, the operating system interprets the disk image as a legitimate, trusted artifact and permits its contents to run without the usual integrity verification. This flaw removes a key layer of security that protects users from running malicious code, potentially compromising system integrity and confidentiality.
Affected Systems
Apple products are affected, including iOS and iPadOS at versions earlier than 18.7.9, macOS Sequoia 15.7.7 and earlier, macOS Sonoma 14.8.7 and earlier, and macOS Tahoe 26.5 and earlier. Any device running those prior releases is vulnerable and must be updated.
Risk and Exploitability
The vulnerability is software-only, and the only user interaction required is opening a malicious disk image. Because the flaw lies in quarantine handling, an attacker needs no elevated privileges to affect a user's system. The EPSS score is <1%, which corresponds to a low estimated probability of exploitation, and the vulnerability is not listed in KEV, suggesting no known widespread exploitation. However, the CVSS score of 7.5 indicates high severity, associated with enabling arbitrary code execution, and warrants a high risk posture. Apple has addressed the issue with OTA releases containing additional checks that enforce quarantine verification for disk images.