Description
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring.
Published: 2026-05-11
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability was a privacy concern in iPhone Mirroring where Visual Intelligence could expose sensitive user data. The flaw was mitigated by removing the vulnerable code. Attackers with physical access could use Visual Intelligence during mirroring to access sensitive data.

Affected Systems

All Apple iOS and iPadOS devices running a version older than iOS 26.5 or iPadOS 26.5 were affected. The issue has been resolved in version 26.5 of both operating systems.

Risk and Exploitability

Exploitation requires physical possession of the device and the ability to run Visual Intelligence while mirroring. The EPSS score indicates a very low exploitation probability (<1%) and the CVSS score of 4.6 indicates medium severity. Nonetheless, exposure of sensitive data remains a significant risk for devices in environments where physical access cannot be tightly controlled, and the lack of a public exploit does not diminish the urgency of applying the 26.5 update.

Generated by OpenCVE AI on May 12, 2026 at 23:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 26.5 or iPadOS 26.5 to remove the vulnerable code.
  • Disable iPhone Mirroring if it is not required for business operations.
  • Secure the device to prevent unauthorized physical access and restrict mirroring to authorized personnel.


Advisories

No advisories yet.

History

Wed, 13 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title Visual Intelligence Privacy Violation in iPhone Mirroring

Tue, 12 May 2026 22:30:00 +0000

Type Values Removed Values Added
Title Physical Access Visual Intelligence Leaks Sensitive Data during iPhone Mirroring
Weaknesses CWE-200

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
Title Physical Access Visual Intelligence Leaks Sensitive Data during iPhone Mirroring
First Time appeared Apple
Apple ios And Ipados
Weaknesses CWE-200
Vendors & Products Apple
Apple ios And Ipados

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T18:30:35.882Z

Reserved: 2026-03-03T16:36:03.991Z

Link: CVE-2026-28963

Vulnrichment

Updated: 2026-05-12T18:12:31.519Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:18:57.283

Modified: 2026-05-12T19:16:29.790

Link: CVE-2026-28963

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T23:45:25Z
