CVE-2026-28910: Breaking macOS App Sandbox Data Containers and Hijacking Apps
19 hours ago
- #sandbox bypass
- #macOS vulnerability
- #TCC exploitation
- Archive Utility bug allows attackers to bypass macOS sandbox protections and TCC.
- Attack requires minimal user interaction: running a shell script and dragging and dropping a file.
- Exploit enables full access to app data containers, including Apple apps and third-party apps.
- Exploit also enables hijacking third-party apps by replacing executables within application bundles.
- Proof-of-concept attack, pb2au, mimics legitimate software installation to deceive users.
- Fixes implemented in macOS 26.4 restrict Archive Utility's access to protected areas.