You can find more info about this in this blog post.
The vulnerability CVE-2024-40801 in macOS allowed a sandboxed app to bypass TCC protections and access sensitive user data without requiring user permission. By leveraging the container-migration.plist feature, a sandboxed app could request the migration of TCC-protected files (like Safari history, Mail database, or user documents) to its app container, effectively bypassing TCC and giving the app full access to these files. This issue has since been fixed in macOS Sonoma 14.7 and macOS Sequoia 15.0.
This project includes multiple examples demonstrating this vulnerability.
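
For defenders auditing installed apps, the following added example (not one of this project's examples) parses a container-migration.plist manifest and flags entries whose source lies under the locations named above. It assumes the manifest layout Apple documents for sandbox migration (top-level Move and Symlink arrays with ${Library}-style variables); the SENSITIVE_PREFIXES list, the helper names and the sample manifest are constructed for illustration.

```python
import plistlib
import posixpath

# Assumption: prefixes treated as TCC-protected, taken from the locations named
# above (Safari history, Mail database, user documents). Not exhaustive.
SENSITIVE_PREFIXES = tuple(p.lower() for p in (
    "${Library}/Safari", "${Library}/Mail", "${Documents}",
    "${Home}/Library/Safari", "${Home}/Library/Mail", "${Home}/Documents",
))

def migration_sources(manifest):
    """Yield (action, source_path) for each Move/Symlink entry."""
    for action in ("Move", "Symlink"):
        entries = manifest.get(action, [])
        for entry in entries if isinstance(entries, list) else []:
            # An entry is a path string or a [source, destination] pair.
            if isinstance(entry, str):
                yield action, entry
            elif isinstance(entry, list) and entry and isinstance(entry[0], str):
                yield action, entry[0]

def is_sensitive(path):
    # Collapse "..", "." and doubled slashes; compare case-insensitively,
    # matching the default macOS file system behaviour.
    norm = posixpath.normpath(path).lower()
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_PREFIXES)

def audit_manifest(data):
    """Return the (action, source) entries that request protected locations."""
    manifest = plistlib.loads(data)
    if not isinstance(manifest, dict):
        return []
    return [(a, s) for a, s in migration_sources(manifest) if is_sensitive(s)]

# Constructed sample manifest, not taken from a real app.
SAMPLE = plistlib.dumps({
    "Move": [
        "${ApplicationSupport}/ExampleApp",
        ["${Library}/Safari", "${Library}/ExampleApp/Imported"],
    ],
    "Symlink": ["${Documents}"],
})

if __name__ == "__main__":
    for action, source in audit_manifest(SAMPLE):
        print(f"review: {action} requests {source}")
```

To audit a real bundle, pass the bytes of its Contents/Resources/container-migration.plist to `audit_manifest`.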