CVE-2025-43428
BaseFortify
Publication date: 2025-12-17
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 26.2 (exc) |
| apple | iphone_os | to 26.2 (exc) |
| apple | macos | to 26.2 (exc) |
| apple | visionos | to 26.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a configuration flaw in the Photos app on various Apple devices and operating systems (iOS, iPadOS, macOS Tahoe, and visionOS). It allows photos stored in the Hidden Photos Album to be viewed without requiring user authentication. Essentially, unauthorized users could access photos that are meant to be hidden and protected. Apple fixed this issue by adding additional restrictions to prevent such unauthorized access. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized individuals to view photos that you have stored in the Hidden Photos Album without needing to authenticate. This could lead to privacy breaches, exposing sensitive or personal images that you intended to keep private. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions: visionOS 26.2, iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2. These updates include configuration fixes that impose additional restrictions to prevent unauthorized access to photos in the Hidden Photos Album. [1, 2, 3]