CVE-2026-20640
Screenshot Exposure via UI State Management Flaw in iOS Mirroring
Publication date: 2026-02-11
Last updated on: 2026-02-17
Assigner: Apple Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | up to 26.3 (exclusive) |
| apple | iphone_os | up to 26.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-703 | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an inconsistent user interface issue related to state management in iOS and iPadOS. It allows an attacker with physical access to an iPhone to take and view screenshots of sensitive data during the iPhone Mirroring process with a Mac.
How can this vulnerability impact me?
If exploited, this vulnerability could allow someone with physical access to your iPhone to capture screenshots of sensitive information without your consent while your device is mirrored to a Mac. This could lead to unauthorized disclosure of private data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your iPhone or iPad to iOS 26.3 or iPadOS 26.3, where the issue has been fixed.
Additionally, avoid allowing physical access to your device by untrusted individuals, especially during iPhone Mirroring with a Mac, to prevent unauthorized screenshot capture of sensitive data.