CVE-2025-43358: 
macOS vulnerability analysis and mitigation

CVE-2025-43358 is a permissions vulnerability discovered in Apple's Shortcuts functionality that was disclosed and patched on September 15, 2025. The vulnerability affects multiple Apple operating systems including iOS 26, iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, iOS 18.7 and iPadOS 18.7. The issue allows a shortcut to potentially bypass sandbox restrictions due to a permissions issue (Apple Support, NVD).

The vulnerability stems from a permissions issue in the Shortcuts component that could allow sandbox restrictions to be bypassed. The issue was addressed by implementing additional sandbox restrictions in the affected systems. The vulnerability has received a CVSS 3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating local access required with low attack complexity (NVD).

The vulnerability could allow a malicious shortcut to bypass sandbox restrictions, potentially gaining access to resources and data that should be restricted. This represents a significant security boundary failure that could compromise the isolation between apps and system resources (Apple Support, Hacker News).

Apple has addressed this vulnerability by implementing additional sandbox restrictions in the security updates released on September 15, 2025. Users are advised to update to iOS 26, iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, iOS 18.7, or iPadOS 18.7 depending on their device (Apple Support).