This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 5
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Apple Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
|
— |
26.3
|
|
Apple Iphone_Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
|
— |
26.3
|
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
14.0
|
14.8.4
|
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
15.0
|
15.7.4
|
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
26.0
|
26.3
|
References 7
https://support.apple.com/en-us/126346
product-security@apple.com
https://support.apple.com/en-us/126348
product-security@apple.com
https://support.apple.com/en-us/126349
product-security@apple.com
https://support.apple.com/en-us/126350
product-security@apple.com
https://support.apple.com/en-us/126794
product-security@apple.com
https://support.apple.com/en-us/126795
product-security@apple.com
https://support.apple.com/en-us/126796
product-security@apple.com