CVE-2025-43423
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 26.1 (exc) |
| apple | iphone_os | to 26.1 (exc) |
| apple | macos | to 15.7.2 (exc) |
| apple | visionos | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a logging issue where sensitive user information may be exposed in system logs. Specifically, an attacker with physical access to an unlocked device that is paired with a Mac could potentially view this sensitive information due to insufficient data redaction in the logs. The issue has been fixed in certain versions of iOS, iPadOS, macOS, and visionOS.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with physical access to your unlocked device and a paired Mac to view sensitive user information through system logs. This could lead to unauthorized disclosure of personal or confidential data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your devices to iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, or visionOS 26.1 as applicable. Additionally, avoid leaving devices unlocked and paired Macs unattended to prevent unauthorized physical access.