This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ipados | Apple | * | 18.1 (excluding) |
Iphone_os | Apple | * | 18.1 (excluding) |
Macos | Apple | * | 14.7.1 (excluding) |
Tvos | Apple | * | 18.1 (excluding) |
Visionos | Apple | * | 2.1 (excluding) |
Watchos | Apple | * | 11.1 (excluding) |