Description
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.
Published: 2026-06-11
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authorization flaw caused by insufficient state management can allow a malicious or compromised application to access user data that it should not be able to see, leading to disclosure of sensitive information. The weakness is an improper access control issue that could expose confidential data to other apps or to the attacker. This compromise affects the confidentiality of user data for any affected device.

Affected Systems

The vulnerability is fixed in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4; the description does not specify the exact version range of affected systems, so it is reasonable to assume that earlier releases may also be vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score is not available. Based on the description, it is inferred that attackers would need to deliver or install a malicious app that exploits the state‑management issue, making the attack vector likely local or requiring privileged application installation. The risk to users is primarily confidentiality loss, and the lack of an EPSS score suggests exploitation probability is not currently high, yet the defect is fixed in the newest releases.

Generated by OpenCVE AI on June 11, 2026 at 22:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest iOS 18.4, iPadOS 18.4, or macOS Sequoia 15.4 update to eliminate the flaw.
  • Verify that all installed applications have only the permissions they need and remove any that are no longer required.
  • Monitor for unexpected data access or permission requests by installing reputable endpoint security tools.

Generated by OpenCVE AI on June 11, 2026 at 22:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Apple iOS/iPadOS/macOS Authorization Issue Enabling Sensitive Data Leakage

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Vendors & Products Apple
Apple ios And Ipados
Apple macos

Thu, 11 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.
References

Subscriptions

Apple Ios And Ipados Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T19:31:00.272Z

Reserved: 2025-04-22T21:13:49.960Z

Link: CVE-2025-46308

cve-icon Vulnrichment

Updated: 2026-06-11T19:30:22.159Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-11T19:16:34.503

Modified: 2026-06-11T20:51:53.840

Link: CVE-2025-46308

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:30:09Z

Weaknesses