Arbitrary File Write via Race Condition in Apple archive unpacking

Successful exploitation may allow an attacker to write arbitrary files on the target system in the security context of the archive-unpacking process. Depending on where files can be written and how the extracted content is later used, this can enable data tampering, overwriting of application or user files, placement of attacker-controlled content, and potentially follow-on compromise or persistence. The provided content does not specify demonstrated code execution, privilege escalation, or sandbox escape for this CVE.

Until patches can be applied, avoid unpacking archives from untrusted or unauthenticated sources, especially on systems that automatically process downloaded archives or where extracted files may land in sensitive locations. Restrict archive handling to trusted workflows, reduce exposure of users and services that process externally supplied archives, and use least-privilege accounts and filesystem protections to limit the impact of unintended file writes. The content does not provide any Apple-specific workaround beyond patching.

Apply the vendor fixes provided by Apple. Apple states the issue is fixed in macOS Ventura 13.7, iOS 17.7, iPadOS 17.7, visionOS 2, iOS 18, iPadOS 18, macOS Sonoma 14.7, and macOS Sequoia 15. Systems running earlier affected versions should be updated to the appropriate patched release.