Description
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: User Fingerprinting
Action: Update
AI Analysis

Impact

A privacy flaw that allows an application to fingerprint a device using sensitive data was found in Apple operating systems. The vulnerability may be exploited to uniquely identify a user, thereby giving an attacker a persistent identifier that can be used for tracking or profiling purposes. This weakness corresponds to CWE‑359, Unauthorized Access to Sensitive Information.

Affected Systems

Apple iOS, iPadOS, and visionOS are affected. The flaw is fixed in iOS 18.7.2, iPadOS 18.7.2, iOS 26.1, iPadOS 26.1, and visionOS 26.1. Devices running earlier releases remain vulnerable until they are upgraded to at least these versions.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate risk, while an EPSS score of less than 1% reflects a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is any application that can read device identifiers; an attacker would need to run or influence an app on the target device to trigger the fingerprinting. Integration of the fix in the specified OS releases mitigates this risk.

Generated by OpenCVE AI on April 27, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest iOS, iPadOS, or visionOS updates that include the fix.
  • Remove or limit third‑party apps that could use device identifiers for fingerprinting.
  • Verify that app permissions are set to the minimal necessary levels and consider revoking sensitive entitlements.

Generated by OpenCVE AI on April 27, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Title Device Fingerprinting via Unauthorized Sensitive Data Access

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user. A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user.
References

Wed, 05 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 05 Nov 2025 18:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user. A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user.
References

Wed, 05 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Tue, 04 Nov 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 04 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Apple visionos
Vendors & Products Apple
Apple ios
Apple ipad Os
Apple visionos

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user.
References

Subscriptions

Apple Ios Ipad Os Ipados Iphone Os Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:51.555Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43439

cve-icon Vulnrichment

Updated: 2025-11-04T16:27:32.772Z

cve-icon NVD

Status : Modified

Published: 2025-11-04T02:15:49.667

Modified: 2025-12-17T21:16:03.457

Link: CVE-2025-43439

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T23:30:15Z

Weaknesses