CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape
Microsoft Threat Intelligence has uncovered a critical macOS vulnerability, CVE-2025-31191, that enables attackers to bypass the App Sandbox and execute unauthorized code. Exploitation abuses security-scoped bookmarks in sandboxed applications: the attacker manipulates the macOS keychain to replace the cryptographic signing keys. By artificially signing entries in the secure bookmarks PLIST file, attackers can then gain unrestricted system access without user interaction. The vulnerability affects any sandboxed app that uses security-scoped bookmarks, and it poses significant risks such as privilege escalation, data exfiltration, and malware deployment. Apple addressed the issue in its March 31, 2025 security update following Microsoft's responsible disclosure. Users are strongly advised to apply security updates promptly, while Microsoft Defender for Endpoint provides additional protection by detecting and blocking related suspicious activities.