PT-2026-7800 · Apple · Ipados+3
Ron Masas
·
Published
2026-02-11
·
Updated
2026-02-24
·
CVE-2026-20677
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apple macOS versions prior to Tahoe 26.3
Apple macOS versions prior to Sonoma 14.8.4
Apple iOS versions prior to 18.7.5
Apple iPadOS versions prior to 18.7.5
Apple visionOS versions prior to 26.3
Apple iOS versions prior to 26.3
Apple iPadOS versions prior to 26.3
Description
A race condition existed in the handling of symbolic links. This allowed a shortcut to potentially bypass sandbox restrictions.
Recommendations
Update Apple macOS to version 26.3 or later.
Update Apple macOS to version 14.8.4 or later.
Update Apple iOS to version 18.7.5 or later.
Update Apple iPadOS to version 18.7.5 or later.
Update Apple visionOS to version 26.3 or later.
Update Apple iOS to version 26.3 or later.
Update Apple iPadOS to version 26.3 or later.
Fix
Time Of Check To Time Of Use
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Visionos