CVE-2026-28878
App Enumeration Privacy Issue in Apple iOS and macOS
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: Apple Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | From 14.0 (inc) to 14.8.5 (exc) |
| apple | macos | From 26.0 (inc) to 26.4 (exc) |
| apple | ipados | to 18.7.7 (exc) |
| apple | ipados | From 26.0 (inc) to 26.4 (exc) |
| apple | iphone_os | to 18.7.7 (exc) |
| apple | iphone_os | From 26.0 (inc) to 26.4 (exc) |
| apple | tvos | to 26.4 (exc) |
| apple | visionos | to 26.4 (exc) |
| apple | watchos | to 26.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
This vulnerability is a privacy issue where an app may be able to enumerate a user's installed apps. Essentially, it allows an application to discover which other apps are installed on the device, potentially exposing sensitive information about the user's app usage.
The issue was addressed by removing sensitive data that allowed this enumeration, and the fix is included in updates for various Apple operating systems such as iOS, iPadOS, macOS Sonoma, macOS Tahoe, tvOS, visionOS, and watchOS.
How can this vulnerability impact me?
This vulnerability can impact you by compromising your privacy. If an app can enumerate the installed apps on your device, it may infer personal preferences, habits, or sensitive information based on the apps you use.
Such information could be exploited for targeted advertising, profiling, or other privacy-invasive activities without your consent.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions: iOS 18.7.7 or 26.4, iPadOS 18.7.7 or 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, or watchOS 26.4.