The vulnerability enables an application to discover the list of other installed applications on iOS, iPadOS, macOS, tvOS, visionOS, or watchOS devices, revealing private software usage. This information disclosure classifies as a privacy breach, as it gives an attacker insight into a user's installed applications without permission. The weakness is identified by CWE-200, indicating a lack of proper privacy controls during enumeration.

The issue affects all Apple operating systems: iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS. Documentation specifies that updates addressing the flaw are available in iOS 18.7.5, iPadOS 18.7.5, iOS 26.3, iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, and watchOS 26.3.

The CVSS score of 7.1 indicates a high level of risk for confidentiality compromise. The EPSS score of less than 1% suggests exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector would involve a user installing a malicious app that can read the system's application inventory; such a scenario requires local access to the device and the permissions granted to the suspect app. Until a direct exploit is observed, the threat remains primarily a privacy concern rather than a denial‑of‑service or remote code execution risk.