CVE-2025-43418
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-12-17
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 18.7.2 (exc) |
| apple | iphone_os | to 18.7.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with physical access to a locked iOS or iPadOS device to potentially view sensitive user information by exploiting options that were previously available on the locked device. The issue was addressed by restricting these options in iOS 18.7.2 and iPadOS 18.7.2.
How can this vulnerability impact me? :
If an attacker gains physical access to your locked device, they may be able to view sensitive information without unlocking the device, potentially compromising your privacy and security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your device to iOS 18.7.2 or iPadOS 18.7.2 as these versions contain the fix that restricts options on a locked device to prevent unauthorized access to sensitive user information.