Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.
Published: 2026-03-25
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure – unauthorized enumeration of installed applications
Action: Update OS
AI Analysis

Impact

Apple operating systems grant an application privileged access to enumerate a user’s installed app list. This permissions flaw exposes details about the user’s software ecosystem, potentially revealing user preferences or low‑level system information. The weakness corresponds to an information‑exposure vulnerability that can be leveraged to gain non‑confidential data about the device and its user.

Affected Systems

Devices running Apple iOS, iPadOS, macOS, or visionOS versions earlier than release 26.4 are affected. The flaw is fixed in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4; any device still on an older build remains at risk.

Risk and Exploitability

The CVSS base score of 6.2 indicates moderate severity, while the EPSS score of less than 1 % reflects a low likelihood of exploitation in the current threat landscape. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the attack vector is likely local: a malicious or compromised application with sufficient permissions can invoke the enumeration API to enumerate installed apps. No remote exploitation channels are described, so the threat to systems without compromised applications is limited.

Generated by OpenCVE AI on March 25, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, or visionOS 26.4 updates
  • Verify that all devices run the latest available OS version and avoid installing untrusted applications

Generated by OpenCVE AI on March 25, 2026 at 20:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Permissions Flaw Allows Enumeration of Installed Applications

Wed, 25 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple visionos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple visionos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:27:15.851Z

Reserved: 2026-03-03T16:36:03.969Z

Link: CVE-2026-28833

cve-icon Vulnrichment

Updated: 2026-03-25T14:31:31.964Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:08.383

Modified: 2026-03-25T20:52:26.473

Link: CVE-2026-28833

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:16:04Z

Weaknesses