Description
A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Information Disclosure
Action: Apply patch
AI Analysis

Impact

The vulnerability is a correctness issue that was fixed by adding improved checks in Apple systems. The flaw allows an application to read sensitive user data that it should not have access to, making it an information disclosure problem classified as CWE-200. An app that runs under higher privileges or operates as a malicious third party can exploit this weakness to obtain protected data from a device, which can compromise user privacy.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The flaw is present in any version before iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7 and Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity while the EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely need to install a malicious or over‑privileged application on the device to read protected data, making the threat primarily local and contingent on the app ecosystem. Based on the description, it is inferred that the vulnerability is triggered by improper data access checks within app code.

Generated by OpenCVE AI on April 28, 2026 at 18:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all affected Apple devices to the patched OS versions (iOS 18.7/iPadOS 18.7, iOS 26/iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26).
  • Review and restrict application permissions so that only trusted apps retain read access to sensitive data, and configure stricter sandbox policies for third‑party applications.
  • Monitor system logs and application behavior for any unauthorized data access attempts, and configure alerts to detect abnormal information‑exposure activity.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Apple OS Data Disclosure via Improper Access |

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data. | A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data. |
| References | | |

Tue, 04 Nov 2025 17:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple ipados, Apple iphone Os |
| CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
| Vendors & Products | | Apple ipados, Apple iphone Os |

Tue, 04 Nov 2025 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple, Apple ios, Apple ipad Os, Apple macos, Apple macos Sequoia, Apple macos Sonoma, Apple tvos, Apple visionos, Apple watchos |
| Vendors & Products | | Apple, Apple ios, Apple ipad Os, Apple macos, Apple macos Sequoia, Apple macos Sonoma, Apple tvos, Apple visionos, Apple watchos |

Tue, 04 Nov 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-200 |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 04 Nov 2025 01:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:24.981Z

Reserved: 2025-04-16T15:24:37.110Z

Link: CVE-2025-43345

Vulnrichment

Updated: 2025-11-04T14:51:34.212Z

NVD

Status: Modified

Published: 2025-11-04T02:15:41.550

Modified: 2026-04-02T19:20:30.873

Link: CVE-2025-43345

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T18:45:15Z

Weaknesses