
Microsoft Uncovers Critical macOS Sandbox Escape Vulnerability


Microsoft security researchers have discovered a significant vulnerability in macOS that allowed attackers to bypass Apple's App Sandbox protection mechanism. The vulnerability, tracked as CVE-2025-31191, was fixed by Apple in security updates released on March 31, 2025, following Microsoft's responsible disclosure through their Coordinated Vulnerability Disclosure process.

The flaw, uncovered by Microsoft's Threat Intelligence team, centers on how macOS handles security-scoped bookmarks—a mechanism designed to give sandboxed applications persistent access to user-approved files. 

Researchers found that a malicious actor could manipulate the system to grant unrestricted file access without requiring user interaction, effectively escaping the App Sandbox's containment.

"An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks," Microsoft explained in their detailed analysis. This unrestricted access would allow attackers to "perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads."

The vulnerability lies in how macOS manages the cryptographic secret used to validate security-scoped bookmarks. While investigating how Microsoft Office macros interact with the macOS sandbox, researchers found that although the system prevents a sandboxed application from reading that secret, it did not prevent the application from deleting and replacing it.

By replacing the existing keychain entry with a known value, attackers could forge their own security-scoped bookmarks, tricking the system into granting a sandboxed application access to arbitrary files—effectively breaching the sandbox barrier.

This research follows Microsoft's earlier discovery of a similar sandbox escape vulnerability in 2022, highlighting the importance of cross-platform security research. Microsoft noted that while exploiting the vulnerability would require complex techniques, it represents a significant security risk for macOS users.

Microsoft Defender for Endpoint can detect exploitation of this flaw by flagging anomalous behavior, specifically a sandboxed application attempting to modify security keys it does not normally access.

The discovery underscores the critical importance of timely security updates for operating systems. Microsoft commended Apple's product security team for their "collaboration and responsiveness" and encouraged all macOS users to apply security updates as soon as possible to mitigate the risk.

This case exemplifies how collaboration between technology companies strengthens digital security across different platforms, benefiting the entire ecosystem through responsible vulnerability disclosure and coordinated remediation efforts.
