Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed.
Published: 2025-12-17
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

A permissions flaw in Apple operating systems permits a malicious application to enumerate other user‑installed apps. This privilege escalation can reveal sensitive information about the user’s app usage pattern, compromising privacy and potentially facilitating further targeted attacks. The weakness maps to CWE‑200, information disclosure.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are impacted. The vulnerability affects iOS and iPadOS versions 18.7.3 and 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2. All other Apple OS versions are not listed as vulnerable.

Risk and Exploitability

The CVSS score of 9.8 reflects a high severity with a critical potential for privacy compromise. However, the EPSS score is below 1% and the vulnerability is not listed in CISA KEV, indicating a low exploitation probability in the wild. The likely attack vector is a malicious application that can leverage the excess permission to detect installed apps; based on the description, it is inferred that the exposure arises from insufficient permission constraints.

Generated by OpenCVE AI on April 22, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest iOS, iPadOS, macOS, tvOS, visionOS, and watchOS updates (>= 18.7.3 / 26.2) that address the permission restriction.
  • Until the update is applied, remove or block untrusted third‑party applications that could exploit the disclosure.
  • Review the permissions granted to apps and limit the exposure of installed‑app information by revoking unnecessary privileges, following the guidance for preventing CWE‑200 vulnerabilities.

Generated by OpenCVE AI on April 22, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Title Information Disclosure of Installed Apps via Permission Misconfiguration

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed. A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed.

Thu, 18 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 18 Dec 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
Apple tvos
Apple watchos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os
Apple tvos
Apple watchos
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Thu, 18 Dec 2025 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Apple macos
Apple macos Tahoe
Apple tv Os
Apple visionos
Apple watch Os
Vendors & Products Apple
Apple ios
Apple ipad Os
Apple macos
Apple macos Tahoe
Apple tv Os
Apple visionos
Apple watch Os

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.
References

Subscriptions

Apple Ios Ipad Os Ipados Iphone Os Macos Macos Tahoe Tv Os Tvos Visionos Watch Os Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:40.647Z

Reserved: 2025-04-22T21:13:49.958Z

Link: CVE-2025-46279

cve-icon Vulnrichment

Updated: 2025-12-18T19:12:29.599Z

cve-icon NVD

Status : Modified

Published: 2025-12-17T21:16:13.340

Modified: 2026-04-02T19:21:02.857

Link: CVE-2025-46279

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T20:30:26Z

Weaknesses