CVE-2025-43412

Vulnerability

Overview

CVE-2025-43412 is a file quarantine bypass vulnerability in macOS that could allow an app to break out of its sandbox. The issue was addressed with additional checks in macOS Tahoe 26.1, macOS Sequoia 15.7.2, and macOS Sonoma 14.8.2 [1][2][3]. The root cause is a logic issue in how the system handles file quarantine, which could be exploited to bypass sandbox restrictions.

Exploitation

An attacker would need to have an app installed on the target system that can exploit this logic issue. The attack does not require special network access or user interaction beyond installing the malicious app. The vulnerability is local in nature, meaning the attacker must already have some level of access to the system, such as through a downloaded app.

Impact

Successful exploitation could allow an app to break out of its sandbox, potentially gaining access to sensitive user data or other system resources that should be protected by the sandbox. Apple's advisories note that an app may be able to access sensitive user data [1][1][2][3].

Mitigation

Mitigation

Apple has released patches for all affected macOS versions: Tahoe 26.1, Sequoia 15.7.2, and Sonoma 14.8.2, all released on November 3, 2025 [1][2][3]. Users should update their systems to the latest available versions to mitigate this vulnerability.