Description
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.
Published: 2025-12-12
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Updates
AI Analysis

Impact

The vulnerability allows an application to read sensitive user data that it should not be able to access, due to insufficient privacy controls in the operating system. This constitutes an information disclosure flaw. The flaw could expose personal, location, or health data to a malicious or compromised app, compromising user confidentiality. The weakness is an exposure of sensitive information, typical of a privacy control failure.

Affected Systems

Apple devices running iOS, iPadOS, macOS, visionOS, or watchOS are affected. The fix is deployed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. Any earlier versions of these operating systems are vulnerable.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, and the EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is through a local or sandboxed application whose privileges exceed ordinary app boundaries, potentially via a flaw in the operating system’s privacy enforcement. Because the attack path relies on installing or compromising a legitimate app, the exploitation prerequisites are minimal for an attacker who can deliver a malicious application to the device.

Generated by OpenCVE AI on April 22, 2026 at 20:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates for all Apple devices; ensure iOS 18.7.3 or later, iPadOS 18.7.3 or later, macOS Sequoia 15.7.3 or later, macOS Sonoma 14.8.3 or later, macOS Tahoe 26.2 or later, visionOS 26.2 or later, and watchOS 26.2 or later are installed.
  • Review and tighten application permission settings to limit data access to the minimum required for each app.
  • If an update cannot be applied immediately, consider removing or disabling applications that request excessive data access until the patch is installed.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Title Sensitive User Data Disclosure via Improper Privacy Controls
Weaknesses CWE-200

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Removed: An information disclosure issue was addressed with improved privacy controls. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An app may be able to access sensitive user data.
Added: An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description
Removed: An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
Added: An information disclosure issue was addressed with improved privacy controls. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An app may be able to access sensitive user data.
References

Tue, 16 Dec 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Mon, 15 Dec 2025 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:11.355Z

Reserved: 2025-04-22T21:13:49.957Z

Link: CVE-2025-46276

Vulnrichment

Updated: 2025-12-15T20:40:02.829Z

NVD

Status: Modified

Published: 2025-12-12T21:15:57.770

Modified: 2026-04-02T19:21:02.373

Link: CVE-2025-46276

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T21:00:06Z

Weaknesses