Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.
Published: 2025-11-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privacy breach via user fingerprinting
Action: Apply Patch
AI Analysis

Impact

A permissions issue in Apple operating systems allows applications to gather data that can identify and track individual users. The vulnerability is an instance of Incorrect Permission Assignment, where code runs with more privileges than intended, enabling an app to fingerprint a user. Exploitation would compromise privacy by letting the attacker identify a user across services or sessions, but it does not grant direct system compromise or data theft beyond that scope.

Affected Systems

Affected Apple products are iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS. The fixed releases are iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1; upgrading to these patch versions removes the vulnerability.

Risk and Exploitability

The CVSS score of 5.3 classifies the vulnerability as Medium, while the EPSS score of less than 1 percent indicates a very low likelihood of exploitation. The issue is not listed in CISA's KEV catalog. The most probable attack vector is local: any user-installed app that obtains the necessary system permissions could perform fingerprinting. No network-based remote exploitation path is described, although the CVSS 3.1 vector recorded in the history for this entry is AV:N/AC:L/PR:N/UI:N.

Generated by OpenCVE AI on April 22, 2026 at 21:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update iOS, iPadOS, macOS, tvOS, visionOS, and watchOS to the latest patched versions (18.7.2/26.1 or later).
  • Remove or restrict permissions for installed applications that are not essential for core functionality.
  • Disable fingerprinting features or privacy‑sensitive data collection in device settings where available.


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Permissions Issue Allows User Fingerprinting |

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. An app may be able to fingerprint the user. | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user. |

Wed, 17 Dec 2025 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user. | A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. An app may be able to fingerprint the user. |
| References | | |

Wed, 05 Nov 2025 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 05 Nov 2025 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to fingerprint the user. | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user. |
| References | | |

Tue, 04 Nov 2025 19:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple ipados; Apple iphone Os |
| CPEs | | `cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*`; `cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*`; `cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*`; `cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*`; `cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Apple ipados; Apple iphone Os |

Tue, 04 Nov 2025 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-276 |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'} |


Tue, 04 Nov 2025 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple; Apple ios; Apple ipad Os; Apple tvos; Apple visionos; Apple watchos |
| Vendors & Products | | Apple; Apple ios; Apple ipad Os; Apple tvos; Apple visionos; Apple watchos |

Tue, 04 Nov 2025 01:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to fingerprint the user. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:12.665Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43444

Vulnrichment

Updated: 2025-11-04T16:14:02.754Z

NVD

Status: Modified

Published: 2025-11-04T02:15:50.160

Modified: 2026-04-02T19:20:47.963

Link: CVE-2025-43444

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T22:00:18Z

Weaknesses