Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
Published: 2026-01-16
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Potential disclosure of installed applications
Action: Apply update
AI Analysis

Impact

A permission flaw in iOS and iPadOS allows an application to enumerate the list of apps installed on a user’s device. The weakness results in the inadvertent exposure of application information, which can be leveraged to infer user preferences or installed security solutions. The flaw maps to Information Exposure and Improper Authorization, indicating that the operating system failed to enforce proper boundaries on app visibility.

Affected Systems

All Apple iOS and iPadOS devices running versions prior to 18.3 are affected. The issue applies to iPhone OS and iPadOS platforms, encompassing all device models that have not yet upgraded to the 18.3 release.

Risk and Exploitability

With a CVSS score of 3.3 the vulnerability is classified as low severity, and an EPSS score of less than 1% indicates a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog, further suggesting limited real-world impact. Exploitation requires the presence of a malicious or compromised app on the device, typically targeting users who inadvertently install such software.

Generated by OpenCVE AI on April 27, 2026 at 21:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the iOS 18.3 or iPadOS 18.3 update as soon as it becomes available
  • Restrict the installation of applications to trusted sources and review app permissions regularly
  • Stay informed about security updates by monitoring Apple’s support releases and advisories

Generated by OpenCVE AI on April 27, 2026 at 21:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/122066 cve-icon cve-icon
History

Mon, 27 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Title Enumeration of Installed Apps via Permission Flaw

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Mon, 19 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Vendors & Products Apple
Apple ios
Apple ipad Os

Fri, 16 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-284
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 17:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
References

Subscriptions

Apple Ios Ipad Os Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:24.170Z

Reserved: 2025-01-17T00:00:44.966Z

Link: CVE-2025-24090

cve-icon Vulnrichment

Updated: 2026-01-16T18:38:48.480Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-16T18:16:06.540

Modified: 2026-01-27T20:25:28.387

Link: CVE-2025-24090

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T21:45:14Z

Weaknesses