Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access.
Published: 2025-11-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

A logic issue in Apple iOS and iPadOS permits an application to gather information about the current camera view before it has been granted camera access. The flaw constitutes an information‑disclosure vulnerability classified as CWE‑284. Because the app can learn camera‑view details without permission, an attacker could potentially use this data to infer user activities or context. The vulnerability does not provide a direct path to remote code execution, but it lowers user privacy guarantees.

Affected Systems

The flaw affects Apple devices running iOS and iPadOS. It exists in all versions prior to iOS 18.7.2, iPadOS 18.7.2, iOS 26.1, and iPadOS 26.1, as indicated by Apple’s support documentation. Updating the operating system to any of those fixed releases eliminates the logic bug. Devices running later releases are considered not affected by this specific issue.

Risk and Exploitability

The CVSS score of 7.5 marks it as a high‑severity vulnerability, and an EPSS score of less than 1% suggests the probability of exploitation is currently very low. The issue is not listed in the CISA KEV catalog. Attackers would need to convince or trick a user into installing a malicious app that exploits this logic path, so the attack vector is likely local to the device and its user. Because the vulnerability centers on early disclosure of camera view data, the impact is limited to privacy concerns, and the description mentions no requirement for elevated privileges or network access.

Generated by OpenCVE AI on April 22, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install iOS 18.7.2 or later, iPadOS 18.7.2 or later, or the 26.1 releases that contain the fix.
  • After updating, review and revoke camera permissions for any applications that do not require camera access, and monitor for any unexpected camera usage.
  • Check Apple’s support articles (e.g., 125632 and 125633) to confirm the update includes the camera‑view logic fix, and ensure all managed devices receive the patch in a timely fashion.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Title App Can Learn Camera View Before Permission Granted

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to learn information about the current camera view before being granted camera access.
Values Added: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access.
References

Wed, 05 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 05 Nov 2025 18:45:00 +0000

Type: Description
Values Removed: A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access.
Values Added: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to learn information about the current camera view before being granted camera access.
References

Tue, 04 Nov 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Vendors & Products Apple
Apple ios
Apple ipados

Tue, 04 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Added: A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:53.070Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43450

Vulnrichment

Updated: 2025-11-04T15:03:52.849Z

NVD

Status: Modified

Published: 2025-11-04T02:15:50.747

Modified: 2025-12-17T21:16:05.280

Link: CVE-2025-43450

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T21:30:27Z

Weaknesses