How the CVE Works:
CVE-2025-30461 is a sandbox escape vulnerability in macOS Sequoia (prior to 15.4) that allows malicious apps to bypass pasteboard (clipboard) access restrictions. The flaw stems from insufficient sandboxing of system pasteboards, enabling unauthorized apps to read sensitive user data copied to the clipboard, such as passwords or encrypted content. Attackers exploit improper permission validation when apps request pasteboard access, leveraging crafted API calls to exfiltrate protected data without user consent.
DailyCVE Form:
Platform: macOS
Version: <15.4
Vulnerability: Sandbox Escape
Severity: Critical
Date: 04/04/2025
What Undercode Say:
Exploitation:
1. PoC Code (simplified):
let pasteboard = UIPasteboard.general
let leakedData = pasteboard.string ?? "No data"
exfiltrate(leakedData) // Sends to attacker server
2. Exploit Flow:
- Malicious app requests `com.apple.pasteboard.read` entitlement.
- Bypasses sandbox via unpatched `NSXPCConnection` validation.
- Exfiltrates clipboard history via `NSPasteboard` API.
Protection:
1. Patch Command:
softwareupdate --install --all
2. Mitigation (Pre-Patch):
defaults write com.apple.pboard restrict-pasteboard-access -bool true
3. Detection (Logs):
log show --predicate 'eventMessage contains "pasteboard"'
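One way to triage the output of the detection command above, added here as an example and not part of the original write-up: it reads `log show --style ndjson` output and counts pasteboard-related events per process whose binary lives outside an assumed trusted-path allowlist. The sample records, `TRUSTED_PREFIXES`, and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape of `log show --style ndjson` output (not real log data).
SAMPLE_NDJSON = """\
{"timestamp":"2025-04-04 10:00:01","processImagePath":"/usr/libexec/pboard","eventMessage":"pasteboard access request"}
{"timestamp":"2025-04-04 10:00:02","processImagePath":"/System/Applications/Notes.app/Contents/MacOS/Notes","eventMessage":"pasteboard access request"}
{"timestamp":"2025-04-04 10:00:03","processImagePath":"/Users/alice/Downloads/FreeTool.app/Contents/MacOS/FreeTool","eventMessage":"Pasteboard access request"}
{"timestamp":"2025-04-04 10:00:04","processImagePath":"/Users/alice/Downloads/FreeTool.app/Contents/MacOS/FreeTool","eventMessage":"pasteboard access request"}
{"timestamp":"2025-04-04 10:00:05","processImagePath":"/Users/alice/Downloads/FreeTool.app/Contents/MacOS/FreeTool","eventMessage":"network connection opened"}
{"timestamp":"2025-04-04 10:00:06","processImagePath":"/Applications/Example.app/Contents/MacOS/Example","eventMessage":"pasteboard access request"}
{"timestamp":"2025-04-04 10:00:07","processImagePath":"/Applications/Exam
{"count":6,"finished":1}
"""

# Assumption: binaries under these prefixes are expected to touch the pasteboard.
TRUSTED_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/")

def parse_events(ndjson_text):
    """Yield (process_path, message) for each well-formed pasteboard event."""
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # blank lines or non-JSON noise
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated record, e.g. a cut-off capture
        msg = event.get("eventMessage") or ""
        proc = event.get("processImagePath") or ""
        if proc and "pasteboard" in msg.lower():
            yield proc, msg

def untrusted_pasteboard_processes(ndjson_text, trusted=TRUSTED_PREFIXES):
    """Return [(process_path, event_count)] for processes outside the allowlist."""
    counts = Counter(p for p, _ in parse_events(ndjson_text) if not p.startswith(trusted))
    return counts.most_common()

if __name__ == "__main__":
    for proc, n in untrusted_pasteboard_processes(SAMPLE_NDJSON):
        print(f"{n:4d}  {proc}")
```

On a live host the input would come from `log show --style ndjson --predicate 'eventMessage contains "pasteboard"'` saved to a file; processes running from user-writable locations such as Downloads deserve the first look.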
Analytics:
- CVSS 4.0: 9.1 (AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
- Attack Vector: Local (Low Complexity)
- Impact: High Confidentiality/Integrity.
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-30461