CVE-2025-30428
📋 TL;DR
This vulnerability allows unauthorized viewing of photos in the Hidden Photos Album on Apple devices without proper authentication. It affects users of iOS and iPadOS who have not updated to patched versions. The issue stems from improper state management in the Photos app.
💻 Affected Systems
- iOS
- iPadOS
📦 What is this software?
iPadOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical access to a locked device could view sensitive photos marked as hidden, potentially exposing private or confidential information.
Likely Case
Someone briefly accessing an unattended device could view hidden photos without needing the device passcode or biometric authentication.
If Mitigated
With proper device security practices (immediate locking, strong passcodes), the window of opportunity for exploitation is significantly reduced.
🎯 Exploit Status
Exploitation requires physical access to the device but no authentication. The vulnerability is straightforward to trigger once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 18.4, iPadOS 18.4, iPadOS 17.7.6
Vendor Advisory: https://support.apple.com/en-us/122371
Restart Required: Yes
Instructions:
1. Open the Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install the available update.
5. Restart the device when prompted.
🔧 Temporary Workarounds
Disable Hidden Photos Album
Move photos out of the Hidden Photos Album to standard albums where they remain protected by device authentication.
Enable Screen Time Restrictions
Use Screen Time to restrict access to the Photos app when the device is locked.
🧯 If You Can't Patch
- Ensure devices are never left unattended and are locked when not in use
- Move sensitive photos out of Hidden Photos Album to secure third-party apps with additional authentication
🔍 How to Verify
Check if Vulnerable:
Check iOS/iPadOS version in Settings > General > About. If version is earlier than iOS 18.4, iPadOS 18.4, or iPadOS 17.7.6, the device is vulnerable.
Check Version:
Settings > General > About > Version
Verify Fix Applied:
After updating, verify version shows iOS 18.4, iPadOS 18.4, or iPadOS 17.7.6 or later. Test by attempting to access Hidden Photos Album from lock screen (should require authentication).
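For fleet-wide verification, the version check above can be applied to an MDM inventory export. This is an added example, not part of the advisory; the inventory rows are constructed, and the only facts it encodes are the patch versions listed above (iPadOS 17.x fixed at 17.7.6, iOS and iPadOS 18.x fixed at 18.4). Any release branch without a listed fix is reported as needing the update.

```python
"""Fleet check for CVE-2025-30428 against the patch versions the advisory lists."""

# Minimum fixed version per (platform, major release), taken from the advisory.
# Branches not listed here (e.g. iOS 17.x) have no fix on the page, so they are
# treated as still needing the update.
FIXED_VERSIONS = {
    ("iOS", 18): (18, 4),
    ("iPadOS", 18): (18, 4),
    ("iPadOS", 17): (17, 7, 6),
}

def parse_version(text: str) -> tuple:
    """Turn '17.7.6' or '18.4' into a comparable tuple of integers."""
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(platform: str, version: str) -> bool:
    """True if this device build predates the fix for its release branch."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get((platform, v[0]))
    if fixed is None:
        return True  # no fix listed for this branch on the advisory
    # Pad to equal length so 18.4 and 18.4.0 compare as the same build.
    n = max(len(v), len(fixed))
    return v + (0,) * (n - len(v)) < fixed + (0,) * (n - len(fixed))

# Constructed sample inventory (hypothetical MDM export: device id, platform, version).
SAMPLE_INVENTORY = [
    ("ipad-001", "iPadOS", "17.7.5"),
    ("ipad-002", "iPadOS", "17.7.6"),
    ("ipad-003", "iPadOS", "18.3.2"),
    ("iphone-001", "iOS", "18.4"),
    ("iphone-002", "iOS", "18.4.1"),
    ("iphone-003", "iOS", "17.7.6"),
]

def vulnerable_devices(rows) -> list:
    """Return the ids of devices that still need the update."""
    return [dev for dev, plat, ver in rows if is_vulnerable(plat, ver)]

if __name__ == "__main__":
    for dev in vulnerable_devices(SAMPLE_INVENTORY):
        print(f"{dev}: needs update for CVE-2025-30428")
```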
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to Photos app from lock screen
- Multiple failed authentication attempts followed by Photos app access
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Device logs showing Photos app activity without preceding successful authentication event