Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: User privacy – fingerprinting
Action: Update
AI Analysis

Impact

A permissions issue was identified that allows an application to bypass restrictions and fingerprint a user. The primary impact is the potential to uniquely identify a user across services, thereby compromising privacy. The weakness can be described as improper privilege management.

Affected Systems

Apple devices running iOS, iPadOS, tvOS, visionOS, or watchOS are affected. The issue exists in all releases prior to the 26.4 update for each platform, which addresses the problem.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate risk, while the EPSS score below 1% shows a low current exploitation likelihood, and the vulnerability is not listed in KEV. An attacker would need to install a malicious or compromised application that exploits the over‑permitted permission to collect identifying information. Once the app is executed, the attacker could fingerprint the user without requiring additional credentials.

Generated by OpenCVE AI on March 27, 2026 at 11:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all Apple devices to iOS 26.4 or later, including iPadOS, tvOS, visionOS, and watchOS.
  • Verify that the latest software update is installed on every device.
  • Review third‑party applications and uninstall any that request unnecessary permissions or appear suspicious.

Generated by OpenCVE AI on March 27, 2026 at 11:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Apple iOS/Apple OS Permission Issue Allows User Fingerprinting
Weaknesses CWE-284
CWE-285

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Apple OS Fingerprinting Through Permission Fault
Weaknesses CWE-200
CWE-284

Thu, 26 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Apple OS Fingerprinting Through Permission Fault
Weaknesses CWE-200
CWE-284

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple tvos
Apple visionos
Apple watchos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:57.691Z

Reserved: 2026-03-03T16:36:03.972Z

Link: CVE-2026-28863

cve-icon Vulnrichment

Updated: 2026-03-25T20:16:34.145Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:10.347

Modified: 2026-03-26T20:12:35.090

Link: CVE-2026-28863

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T15:47:54Z

Weaknesses