Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed.
Published: 2025-11-04
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure via app installation visibility
Action: Patch now
AI Analysis

Impact

A permissions flaw allows an application to enumerate the other applications installed on an Apple device. The weakness, classified as CWE-276, permits the disclosure of user-installed apps, which can be used for profiling or tailoring additional attacks. The impact is purely informational and does not directly compromise the device's core functionality.

Affected Systems

Apple iOS and iPadOS devices running firmware prior to iOS 18.7.2, iPadOS 18.7.2, iOS 26.1, or iPadOS 26.1 are vulnerable. The issue is fixed in both 18.7.2/26.1 releases of the operating systems.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity. An exploit requires a local malicious application; no remote exploitation or privilege escalation is needed. The EPSS score of less than 1% indicates a very low exploitation likelihood, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a user installing a malicious or poorly designed application that requests permissions to enumerate installed apps.

Generated by OpenCVE AI on April 27, 2026 at 23:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to iOS 18.7.2 or newer, iOS 26.1 or newer, iPadOS 18.7.2 or newer, or iPadOS 26.1 or newer.
  • Restrict app permissions or review privacy settings to limit unnecessary access to app installation information.
  • Avoid installing applications from untrusted sources or those requesting unnecessary permissions beyond their stated functionality.

Generated by OpenCVE AI on April 27, 2026 at 23:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Title App Permission Leak Exposing Installed Apps

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to identify what other apps a user has installed. A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed.
References

Wed, 05 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 05 Nov 2025 18:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed. A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to identify what other apps a user has installed.
References

Wed, 05 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Tue, 04 Nov 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 04 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-276
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Vendors & Products Apple
Apple ios
Apple ipad Os

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed.
References

Subscriptions

Apple Ios Ipad Os Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:21.391Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43442

cve-icon Vulnrichment

Updated: 2025-11-04T16:24:58.517Z

cve-icon NVD

Status : Modified

Published: 2025-11-04T02:15:49.963

Modified: 2025-12-17T21:16:03.907

Link: CVE-2025-43442

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T23:30:15Z

Weaknesses