CVE-2025-46281
Sandbox Escape via Logic Flaw in macOS Tahoe
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 26.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a logic issue in macOS that was fixed by improving certain checks. It could allow an application to break out of its sandbox, which is a security mechanism that restricts app capabilities.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an app to escape its sandbox restrictions, potentially leading to unauthorized access to system resources or data beyond what the app is normally permitted to access.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in macOS Tahoe 26.2. To mitigate this vulnerability, update your system to macOS Tahoe 26.2 or later to apply the fix that improves sandbox escape checks.