Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.
Published: 2025-09-15
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized keystroke capture
Action: Patch Now
AI Analysis

Impact

A vulnerability in Apple iOS and iPadOS allows a locally installed application to capture keystrokes without obtaining explicit user permission. The weakness is classified as CWE‑200 Sensitive Data Exposure and can let an application read input from any active text field, thereby compromising the confidentiality of user data. The CVE description does not specify particular types of data that may be exfiltrated, but the potential exists for any information typed by the user.

Affected Systems

The flaw affects devices running Apple iOS or iPadOS versions older than iOS 18.7, iOS 26, iPadOS 18.7, or iPadOS 26. Users should verify that their operating system is at least version 18.7 for Apple‑brand major releases or the equivalent iOS 26 for newer releases, as these releases contain the fix.

Risk and Exploitability

With a CVSS score of 9.8 the vulnerability is considered critical. The EPSS score is reported as less than 1 %, indicating that exploitation is predicted to be rare at this time, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is the local installation of a malicious application, possibly through the App Store or other distribution channels, after which the application can unobtrusively harvest typed data. An attacker would need only local installation privileges; no remote code execution or elevated privileges are required for exploitation.

Generated by OpenCVE AI on April 28, 2026 at 10:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 18.7 or later, or to iOS 26 or later if on an earlier major release.
  • Upgrade the device to iPadOS 18.7 or later, or to iPadOS 26 or later if on an earlier major release.
  • After updating, uninstall any applications that seem to monitor user input without a legitimate reason.

Generated by OpenCVE AI on April 28, 2026 at 10:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29303 The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.
History

Tue, 28 Apr 2026 11:00:00 +0000

Type Values Removed Values Added
Title Unauthorized Keystroke Capture via Improper Permission Checks in iOS and iPadOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to monitor keystrokes without user permission. The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission. The issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to monitor keystrokes without user permission.

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Vendors & Products Apple
Apple ios
Apple ipad Os

Tue, 16 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.
References

Subscriptions

Apple Ios Ipad Os Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:26.192Z

Reserved: 2025-04-16T15:24:37.112Z

Link: CVE-2025-43362

cve-icon Vulnrichment

Updated: 2025-09-16T13:37:36.454Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:38.040

Modified: 2026-04-02T19:20:33.843

Link: CVE-2025-43362

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T10:45:29Z

Weaknesses