Description
A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Update OS
AI Analysis

Impact

A vulnerability in Apple operating systems allows a malicious application to capture screenshots of sensitive information displayed in embedded views, potentially exposing private data to the attacker or third parties. The weakness is a privacy issue related to improper checks before screenshot capture, classified as CWE-200, which directly affects user confidentiality. This could enable an attacker to harvest confidential data without further system compromise.

Affected Systems

Apple iOS and iPadOS, macOS, visionOS, and watchOS devices running versions prior to 26.1 are susceptible. The issue is fixed in iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, and watchOS 26.1.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while an EPSS score of less than 1% suggests a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, indicating no widespread exploitation has been reported. A malicious app would need to be installed on the device, implying a local or user‑initiated attack vector. Once installed, the app could capture screenshots of embedded content, leading to sensitive data disclosure.

Generated by OpenCVE AI on April 27, 2026 at 23:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Apple OS update to at least version 26.1 on all iOS, iPadOS, macOS, visionOS, and watchOS devices.
  • Audit installed applications for unknown or suspicious apps and remove or sandbox any that are not required, as they could potentially exploit the screenshot vulnerability.
  • Consider disabling screenshot functionality for particularly sensitive contexts via system configuration if available, following best practices for protecting confidential information.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Title Malicious App Could Take Screenshots of Sensitive Embedded Views

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Removed: A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
Added: A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description
Removed: A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
Added: A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
References

Tue, 04 Nov 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios
Apple ipados
Apple visionos
Apple watchos

Tue, 04 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:16:22.371Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43455

Vulnrichment

Updated: 2025-11-04T15:36:19.650Z

NVD

Status: Modified

Published: 2025-11-04T02:15:51.020

Modified: 2026-04-02T19:20:49.407

Link: CVE-2025-43455

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:30:15Z

Weaknesses