Primary

Context

Apple Various Products Symlink Validation Vulnerability Allowing Access to Protected User Data

Vulnerability

Patched

A vulnerability exists in multiple Apple products, including macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1, iPadOS 26.1, tvOS 26.1, and visionOS 26.1. This vulnerability allows an app to access protected user data due to insufficient validation of symlinks. The issue could be exploited by apps that manipulate symlinked files to access data that is normally restricted.

Impact

Exploitation of this vulnerability could lead to unauthorized access to protected user data.

Remediation

Users can update to the latest versions of the affected operating systems to address this vulnerability.

Added: Nov 4, 2025, 3:20 AM

Updated: Nov 4, 2025, 3:20 AM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple Various Products Symlink Validation Vulnerability Allowing Access to Protected User Data

Vulnerability

Impact

Remediation

Affected Products

Apple macOS Sequoia

Apple macOS Sonoma

Apple tvOS

Apple watchOS

Apple visionOS

Apple iPadOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating