Apple has released a patch for a newly disclosed vulnerability in macOS, tracked as CVE-2025-31258, that could allow malicious applications to break out of their sandbox and potentially gain unauthorized access to system resources.
The issue was fixed in macOS Sequoia 15.5, following the public disclosure of a proof-of-concept (PoC) exploit by security researcher Seo Hyun-gyu.
The flaw resides in RemoteViewServices, a behind-the-scenes yet integral framework within macOS. Though not widely known, RemoteViewServices handles content rendering and previews, especially for features like Quick Look and remote document viewing.
Discovered and reported by an anonymous researcher, the vulnerability permits sandbox escape, potentially granting unauthorized access to restricted system resources or user data.
βAn app may be able to break out of its sandbox,β Apple acknowledged in its advisory, noting that the flaw was addressed by removing the vulnerable code.
Apple has confirmed that this issue has been fixed in macOS Sequoia 15.5, and encouraged users to apply the update promptly.
Shortly after Appleβs patch release, Seo Hyun-gyu made the vulnerability publicly available, posting a proof-of-concept (PoC) exploit on GitHub, along with a demonstration video on YouTube. While Apple has stated that there is no evidence of active exploitation in the wild, the availability of the PoC raises the stakes for unpatched systems.
This fix comes as part of a broader security update rolled out by Apple on Monday, which included patches across macOS, iOS, and iPadOS.
If youβre running macOS, especially prior to Sequoia 15.5, apply the latest updates to protect your system.