Description
CVE-2025-43524 is an access issue in the Icons component of macOS. According to Apple's advisory, the flaw could allow an app to break out of its sandbox. It was reported by Csaba Fitzl (@theevilbit) of Iru.
Impact
Exploitation of this vulnerability could allow a malicious app to escape its sandbox via a flaw in icon handling. Apple addressed the issue with additional sandbox restrictions in macOS Sequoia 15.7.7 (this fix was also carried in macOS Tahoe 26.2, where Apple's advisory describes the same CVE as a logic issue addressed with improved checks — a minor wording difference across the two OS branches worth noting if you cross-reference both advisories).
CVE-2026-28827
A critical vulnerability in macOS Tahoe could allow sandboxed apps to escape their confines. Learn about CVE-2026-28827 and how Apple has addressed this issue.
Learn MoreCVE-2026-20617
CVE-2026-20617 is a critical security vulnerability in macOS that could allow apps to gain root privileges. Learn about its impact and the necessary updates.
Learn MoreCVE-2025-55182
Critical React vulnerability CVE-2025-55182 allows remote code execution. Update to patched versions immediately to secure affected React Server Components and frameworks.
Learn More