CVE-2025-24173

CVE-2025-24173 is a sandbox escape vulnerability (CWE-284: Improper Access Control) affecting multiple Apple operating systems, including iOS prior to version 18.4, iPadOS prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, visionOS prior to 2.4, and watchOS prior to 11.4. Published on 2025-03-31, the issue stems from insufficient entitlement checks, enabling an app to break out of its designated sandbox. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by a local attacker with no required privileges, provided they have local access and can induce user interaction, such as running a malicious app. Upon execution, the app escapes its sandbox confines, potentially granting high-impact access to unauthorized system resources, compromising confidentiality, integrity, and availability without changing scope.

Apple security advisories detail that the issue was mitigated through additional entitlement checks, with fixes available in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, and watchOS 11.4. Practitioners should prioritize updating affected devices. Further details are in the advisories at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.