CVE-2025-43360
📋 TL;DR
This CVE describes a UI issue in iOS/iPadOS where the contents of a password field may be unintentionally revealed on screen, exposing the credential to anyone who can see the display. It affects Apple iPhones and iPads running versions earlier than iOS 26 / iPadOS 26. Apple addressed the issue through improved UI handling in those releases.
💻 Affected Systems
- iOS
- iPadOS
📦 What is this software?
iOS and iPadOS by Apple: the operating systems that run on iPhone and iPad.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could observe passwords being entered, leading to credential theft and potential account compromise across multiple services.
Likely Case
Accidental exposure of passwords to nearby individuals or through screen sharing, resulting in limited credential exposure.
If Mitigated
Minimal impact with proper physical security and user awareness about screen privacy.
🎯 Exploit Status
Exploitation requires an attacker who can see the device screen, whether in person (shoulder surfing) or via screen sharing or recording. No exploit code is involved; the weakness is that the UI shows what should have been masked.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 26 and iPadOS 26
Vendor Advisory: https://support.apple.com/en-us/125108
Restart Required: Yes
Instructions:
1. Open the Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install iOS 26 / iPadOS 26.
5. Restart the device when prompted.
🔧 Temporary Workarounds
Enable Screen Privacy
Use privacy screen protectors and be mindful of screen visibility in public spaces.
Use Biometric Authentication
Prefer Face ID/Touch ID over manual password entry when possible.
🧯 If You Can't Patch
- Avoid entering passwords in public or shared spaces
- Use password managers with auto-fill features instead of manual entry
🔍 How to Verify
Check if Vulnerable:
Settings > General > About > Software Version. Any iOS or iPadOS release below 26 (for example 18.x) has not received this fix.
Verify Fix Applied:
The version shown is iOS 26.x or iPadOS 26.x or higher.
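Checking one device by hand is fine; across a fleet you want to do it from an MDM inventory export. The script below is an added example, not code from this advisory or from Apple: it assumes a CSV export with device, os and version columns (real MDM exports vary, so adjust the column names) and flags iOS/iPadOS devices whose major version is below 26. The sample inventory embedded in it is constructed.

```python
"""Flag devices in an MDM inventory export that have not received the
iOS 26 / iPadOS 26 update that addresses CVE-2025-43360.

Added example, not code from the advisory. The inventory layout
(CSV with device, os, version columns) is an assumption."""
import csv
import io
import re

FIXED_MAJOR = 26                  # first release carrying the fix, per Apple's advisory
AFFECTED_OS = {"iOS", "iPadOS"}   # platforms listed in the advisory


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '26.0.1' or 'iOS 18.6.2' into a comparable tuple such as (26, 0, 1)."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(os_name: str, version: str) -> bool:
    """True when the device runs an affected OS below the fixed major version.

    Devices on other platforms (macOS, watchOS, ...) are out of scope for
    this CVE and are never flagged."""
    if os_name not in AFFECTED_OS:
        return False
    return parse_version(version)[0] < FIXED_MAJOR


def triage(inventory_csv: str) -> list[str]:
    """Return the names of devices that still need the update."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [row["device"] for row in reader
            if is_vulnerable(row["os"], row["version"])]


# Constructed sample inventory for demonstration; not real fleet data.
SAMPLE_INVENTORY = """device,os,version
iphone-alice,iOS,18.6.2
ipad-bob,iPadOS,26.0
iphone-carol,iOS,26.0.1
macbook-dave,macOS,15.6
ipad-erin,iPadOS,17.7.10
"""

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: update to iOS 26 / iPadOS 26")
```

The comparison deliberately looks only at the major version: the advisory names iOS 26 / iPadOS 26 as the fix, so any 26.x build counts as patched and anything lower does not. Point `triage()` at your real export and feed the resulting list to whatever update-enforcement workflow your MDM offers.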
📡 Detection & Monitoring
Log Indicators:
- No specific log indicators for this UI vulnerability
Network Indicators:
- No network-based indicators
SIEM Query:
Not applicable - local UI issue