CVE-2025-46292
Improper Entitlement Checks in iOS/iPadOS Allow Data Access
Publication date: 2025-12-17
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 18.7.3 (exc) |
| apple | ipados | From 26.0 (inc) to 26.2 (exc) |
| apple | iphone_os | to 18.7.3 (exc) |
| apple | iphone_os | From 26.0 (inc) to 26.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient entitlement checks in certain Apple operating systems, which could allow an app to access user-sensitive data without proper authorization. It was addressed by adding additional entitlement checks in iOS 26.2, iPadOS 26.2, iOS 18.7.3, and iPadOS 18.7.3.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an app to access sensitive user data without permission, potentially leading to privacy breaches or unauthorized data exposure.
What immediate steps should I take to mitigate this vulnerability?
Update your devices to the fixed versions of the operating systems: iOS 26.2, iPadOS 26.2, iOS 18.7.3, or iPadOS 18.7.3 to ensure the additional entitlement checks are applied and prevent apps from accessing user-sensitive data.