CVE-2025-30430
📋 TL;DR
This vulnerability allows password autofill to incorrectly populate passwords even after authentication fails, potentially exposing credentials. It affects Apple visionOS, iOS, iPadOS, and macOS users who use password autofill features. Attackers could exploit this to gain unauthorized access to saved credentials.
💻 Affected Systems
- visionOS
- iOS
- iPadOS
- macOS Sequoia
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
Attackers gain unauthorized access to all saved passwords and accounts, leading to complete account compromise, data theft, and potential lateral movement.
Likely Case
Targeted credential harvesting where attackers capture specific passwords through social engineering or malicious apps.
If Mitigated
Limited exposure if multi-factor authentication is enabled and password managers are not used for critical accounts.
🎯 Exploit Status
Exploitation requires user interaction with password autofill prompts, potentially through malicious apps or websites.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4
Vendor Advisory: https://support.apple.com/en-us/122371
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Go to General > Software Update. 3. Download and install the latest update. 4. Restart device when prompted.
🔧 Temporary Workarounds
Disable Password Autofill
allTemporarily disable password autofill to prevent exploitation.
Settings > Passwords > Password Options > Turn off AutoFill Passwords
Use Third-Party Password Manager
allSwitch to a dedicated password manager instead of built-in autofill.
🧯 If You Can't Patch
- Disable password autofill in system settings immediately.
- Enable multi-factor authentication on all critical accounts.
🔍 How to Verify
Check if Vulnerable:
Check system version in Settings > General > About. If version is below the patched versions listed, system is vulnerable.Check Version:
Settings > General > About > VersionVerify Fix Applied:
Confirm system version matches or exceeds visionOS 2.4, iOS 18.4, iPadOS 18.4, or macOS Sequoia 15.4.📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts followed by successful autofill events
- Unusual password access patterns
Network Indicators:
- Unexpected authentication requests to services
- Credential harvesting patterns
SIEM Query:
source="apple_auth_logs" event="autofill" result="success" AND previous_event="authentication_failure"🔗 References
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122378
- http://seclists.org/fulldisclosure/2025/Apr/12
- http://seclists.org/fulldisclosure/2025/Apr/13
- http://seclists.org/fulldisclosure/2025/Apr/4
- http://seclists.org/fulldisclosure/2025/Apr/8
