Description
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.
Published: 2026-02-11
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Information Exposure
Action: Immediate Patch
AI Analysis

Impact

An inconsistent user interface issue resulted from poor state management. An attacker who gains physical access to an iPhone may be able to take and view screenshots of sensitive data while the device is mirroring to a Mac, potentially exposing confidential information. This flaw is categorized as CWE-703.

Affected Systems

Apple iOS and iPadOS are affected. The vulnerability exists in all versions prior to 26.3 and was addressed in iOS 26.3 and iPadOS 26.3.

Risk and Exploitability

The vulnerability has a CVSS score of 4.6 (Medium) and a very low EPSS of under 1%, indicating a low likelihood of exploitation. It is not listed in the CISA KEV catalog. Exploitation requires the attacker to have physical access to the device and to initiate iPhone Mirroring with a Mac, which limits the attack surface but still presents a significant local threat.

Generated by OpenCVE AI on April 15, 2026 at 21:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to iOS or iPadOS 26.3 to apply the official fix
  • Configure the device to allow screen mirroring only on trusted or encrypted connections
  • Ensure that any Mac used for mirroring is physically secured and regularly monitored for unauthorized access

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 13:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple ipados; Apple iphone Os
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products | | Apple ipados; Apple iphone Os

Fri, 13 Feb 2026 20:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-703
Metrics | | cvssV3_1: {'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple ios And Ipados
Vendors & Products | | Apple; Apple ios And Ipados

Wed, 11 Feb 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.
References | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:15:46.391Z

Reserved: 2025-11-11T14:43:07.861Z

Link: CVE-2026-20640

Vulnrichment

Updated: 2026-02-13T19:18:48.007Z

NVD

Status: Analyzed

Published: 2026-02-11T23:16:07.023

Modified: 2026-02-17T13:30:27.347

Link: CVE-2026-20640

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:15:13Z
