A critical sandbox escape vulnerability was discovered in multiple Apple operating systems, tracked as CVE-2025-31191. The flaw resides in the security-scoped bookmarks mechanism, which is intended to grant sandboxed applications persistent, user-approved access to files outside their containers. By exploiting a weak keychain protection model, a malicious process running inside any vulnerable sandboxed app can delete the legitimate signing secret for the ScopedBookmarkAgent and replace it with an attacker-controlled key. With the new key in place, the attacker can generate forged bookmarks for arbitrary files, inject them into the securebookmarks.plist, and bypass App Sandbox restrictions without additional user consent. This chain of actions enables unauthorized access to sensitive user data, including private documents and potentially system files, elevating privileges and paving the way for further exploitation. The proof-of-concept demonstrated by Microsoft showed an Office macro delivering the exploit, but any sandboxed app on macOS Ventura, Sequoia, Sonoma, iOS, iPadOS, or tvOS is at risk. Apple has released patches that improve state management to prevent key deletion and replacement, and users are urged to update immediately. Organizations leveraging Microsoft Defender for Endpoint can detect suspicious keychain manipulations related to this attack vector.
Source: https://cybersecuritynews.com/macos-sandbox-escape-vulnerability/
"id": "app300050225",
"linkid": "apple",
"type": "Vulnerability",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"