Description
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.
Published: 2025-12-12
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure leading to user fingerprinting
Action: Apply Patch
AI Analysis

Impact

An application may exploit an information disclosure flaw that lets it fingerprint a user, potentially compromising the user's anonymity or enabling tracking. The weakness corresponds to CWE-200, indicating unauthorized access to sensitive data. The vulnerability does not allow execution of arbitrary code or denial of service but can be used to identify a device or user across contexts.

Affected Systems

Apple iOS and iPadOS devices are affected. Versions prior to iOS 26.1 and iPadOS 26.1 are vulnerable; the issue is fixed in those releases.

Risk and Exploitability

The CVSS score of 3.3 indicates a low severity level, and the EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Likely attack vectors involve a local malicious or poorly designed application that runs on the device and abuses the privacy controls to collect identifying information.

Generated by OpenCVE AI on April 27, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to iOS 26.1 or iPadOS 26.1 to obtain the fixed privacy controls.
  • Revoke or limit any app permissions that allow access to device identifiers or sensitive data until a patch is applied.
  • Continuously monitor installed applications for unusual behavior and remove or restrict those that appear to collect or transmit personal identifiers.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:00:00 +0000

Type | Values Removed | Values Added
Title | | App-Based User Fingerprinting via Information Disclosure

Tue, 16 Dec 2025 21:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple iphone Os
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products | | Apple iphone Os

Mon, 15 Dec 2025 01:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-200
Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 14 Dec 2025 21:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple, Apple ios, Apple ipados
Vendors & Products | | Apple, Apple ios, Apple ipados

Fri, 12 Dec 2025 21:15:00 +0000

Type | Values Removed | Values Added
Description | | An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:44.532Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43437

Vulnrichment

Updated: 2025-12-15T01:02:32.331Z

NVD

Status: Analyzed

Published: 2025-12-12T21:15:54.313

Modified: 2025-12-16T21:33:37.660

Link: CVE-2025-43437

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T22:45:15Z
