Description
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data.
Published: 2025-11-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

A flaw in the handling of user preferences allows an application to gain access to sensitive personal information. The weakness is a classic case of improper protection of data leading to data leakage, identified as CWE‑359. The consequence is that an attacker who can run or influence an app on the device can obtain private data that should be restricted to the user.

Affected Systems

The affected products are Apple’s mobile and desktop operating systems: iOS, iPadOS, macOS, visionOS, and watchOS. Devices operating on any version prior to 26.1 are susceptible; the issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, and watchOS 26.1.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity impact, while the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog, and no active exploitation is known. The typical attack vector would involve a malicious or compromised application installed on the device, as the flaw requires app access to the user preference subsystem. If exploited, the attacker could read sensitive data, potentially compromising user privacy and confidentiality.

Generated by OpenCVE AI on April 22, 2026 at 21:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all affected Apple operating system versions to 26.1 or later, as the vendor has issued a fix.
  • Verify that applications are obtained only from trusted sources such as the official App Store, and uninstall any unknown or suspicious apps.
  • Enforce device and application security policies through mobile device management or equivalent controls to prevent installation of unauthorized code.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
Title Sensitive Data Exposure via Improper Handling of User Preferences

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
  Removed: A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.
  Added: A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description
  Removed: A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to access sensitive user data.
  Added: A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.
References

Tue, 04 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Tue, 04 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios
Apple ipados
Apple visionos
Apple watchos

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:09.707Z

Reserved: 2025-04-16T15:27:21.192Z

Link: CVE-2025-43500

Vulnrichment

Updated: 2025-11-04T16:32:43.477Z

NVD

Status: Modified

Published: 2025-11-04T02:15:53.073

Modified: 2026-04-02T19:20:55.477

Link: CVE-2025-43500

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T22:00:18Z

Weaknesses