{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28856", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2026-03-03T16:36:03.972Z", "datePublished": "2026-03-25T00:32:12.538Z", "dateUpdated": "2026-03-25T20:20:36.115Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with physical access to a locked device may be able to view sensitive user information"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information."}], "references": [{"url": "https://support.apple.com/en-us/126792"}, {"url": "https://support.apple.com/en-us/126798"}, {"url": "https://support.apple.com/en-us/126799"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:32:12.538Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T20:20:16.555767Z", "id": "CVE-2026-28856", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:20:36.115Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-28856", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:20:16.555767Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:20:32.213Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "26.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "0", "lessThan": "26.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "0", "lessThan": "26.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/126792"}, {"url": "https://support.apple.com/en-us/126798"}, {"url": "https://support.apple.com/en-us/126799"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with physical access to a locked device may be able to view sensitive user information"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:32:12.538Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28856", "state": "PUBLISHED", "dateUpdated": "2026-03-25T20:20:36.115Z", "dateReserved": "2026-03-03T16:36:03.972Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-03-25T00:32:12.538Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information."}], "id": "CVE-2026-28856", "lastModified": "2026-03-25T21:16:39.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T01:17:09.717", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126792"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126798"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126799"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iOS and iPadOS", "source": "cna", "vendor": "Apple"}, "product": "ios_and_ipados", "vendor": "apple"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "visionOS", "source": "cna", "vendor": "Apple"}, "product": "visionos", "vendor": "apple"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "watchOS", "source": "cna", "vendor": "Apple"}, "product": "watchos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T02:45:34.735843+00:00", "value": {"mitigation_remediation": ["Update the device to iOS 26.4, iPadOS 26.4, visionOS 26.4, or watchOS 26.4 to apply the authentication fix.", "Ensure the device remains in a secure, monitored location to prevent unauthorized physical access.", "Use a robust lock screen method such as a password or biometric authentication if available, and avoid leaving the device unattended on public or semi-public surfaces."], "summary": {"action": "Patch Now", "impact": "Information disclosure via physical access on locked devices"}, "threat_synthesis": {"affected_systems": "Apple\u2019s mobile operating systems\u2014including iOS, iPadOS, visionOS, and watchOS\u2014are affected. Devices running versions prior to 26.4 are vulnerable; Apple has addressed the issue in iOS 26.4, iPadOS 26.4, visionOS 26.4, and watchOS 26.4.", "description_and_impact": "An authentication flaw allows an attacker with physical proximity to a locked Apple device to observe and capture sensitive user data displayed on the lock screen. The weakness enables the extraction of confidential information without bypassing software authentication, leading to an information disclosure vulnerability.", "risk_and_exploitability": "The exploit requires direct physical access to the device while it is locked, so it is less likely to be abused remotely. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting a moderate likelihood of exploitation in environments where devices are not physically secured. Nonetheless, the impact of data exposure warrants immediate action."}}}}, "created": "2026-03-25T11:36:35.555504+00:00", "title": "Physical Access Vulnerability Allowing Sensitive Data Exposure on Locked Apple Devices", "updated": "2026-03-25T20:56:17.036788+00:00", "vendors": ["apple", "apple$PRODUCT$ios_and_ipados", "apple$PRODUCT$visionos", "apple$PRODUCT$watchos"], "weaknesses": ["CWE-200"]}