Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
Published: 2026-01-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via App Enumeration
Action: Update OS
AI Analysis

Impact

A permissions issue in iOS and iPadOS allowed an application to enumerate every app installed on a device. The resulting disclosure does not compromise user data directly but reveals the presence of specific third‑party software, potentially enabling targeted attacks or privacy analysis. The vulnerability is classified as Information Exposure (CWE‑200).

Affected Systems

Vulnerable systems include all Apple iOS and iPadOS devices running a version earlier than 18.3. The issue is resolved in iOS 18.3 and iPadOS 18.3, so any device with an older operating system is affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate impact. An EPSS score of less than 1% suggests the exploitation likelihood is very low. The vulnerability is not included in the CISA Known Exploited Vulnerabilities catalog. Because the flaw operates through application‑level permissions and requires the user to run the malicious app, the likely attack vector is local via a legitimate‑looking third‑party app. Updating to 18.3 or later mitigates this risk.

Generated by OpenCVE AI on April 27, 2026 at 21:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install iOS 18.3 or later on affected devices
  • Install iPadOS 18.3 or later on affected devices
  • Review third‑party applications and revoke any that request unnecessary rights to query installed apps

Generated by OpenCVE AI on April 27, 2026 at 21:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/122066 cve-icon cve-icon
History

Mon, 27 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Title App Enumeration via Permissions Issue on iOS/iPadOS

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Mon, 19 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Vendors & Products Apple
Apple ios
Apple ipad Os

Fri, 16 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 17:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
References

Subscriptions

Apple Ios Ipad Os Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:40.050Z

Reserved: 2025-01-17T00:00:44.966Z

Link: CVE-2025-24089

cve-icon Vulnrichment

Updated: 2026-01-16T18:54:34.704Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-16T18:16:06.443

Modified: 2026-01-27T20:25:10.440

Link: CVE-2025-24089

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T21:45:14Z

Weaknesses