Primary

Context

Apple macOS, iOS, iPadOS, and tvOS Core Services Vulnerability Allowing Access to Sensitive User Data

Vulnerability

Patched

A vulnerability in the Core Services component of multiple Apple operating systems, including macOS Ventura, macOS Sequoia, iOS 18.4, iPadOS 18.4, and tvOS 18.4, could allow apps to access sensitive user data. This issue was related to improper state management and logging, which created opportunities for unauthorized data access.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data, including private information and keychain data.

Reproduction

The vulnerability can be reproduced by an app that requests access to user data through security-scoped bookmarks. Once the user grants permission, the app can manipulate keychain entries to escape sandbox restrictions and access sensitive information without further user interaction.

Remediation

Users can update to the latest versions of macOS, iOS, iPadOS, and tvOS to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.0

exploitability

5.7

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.0

exploitability

5.7

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple macOS, iOS, iPadOS, and tvOS Core Services Vulnerability Allowing Access to Sensitive User Data

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Apple macOS Ventura

Apple tvOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating