CVE-2025-43542

7.5 HIGH

📋 TL;DR

During a FaceTime screen-sharing session in which remote control has been granted, the contents of password fields may be unintentionally shown to the remote party instead of being hidden. This affects users of Apple devices running vulnerable iOS, iPadOS, macOS, and visionOS versions who accept or use FaceTime remote control.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • visionOS
Versions: Versions prior to iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2, iPadOS 26.2, macOS Sequoia 15.7.3, visionOS 26.2
Operating Systems: iOS, iPadOS, macOS, visionOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a FaceTime remote control session to be active. No non-default setting is needed beyond that: any session in which remote control is granted on an unpatched device is affected.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious or compromised remote party could read passwords or other secrets typed into password fields during a FaceTime remote control session, leading to credential theft and account compromise. Because the remote party already holds a session the victim accepted, the exposure looks like normal screen sharing and leaves no obvious trace on the victim's device.

🟠

Likely Case

Accidental exposure of password fields during legitimate remote assistance sessions (for example, a help desk or family member assisting over FaceTime), revealing credentials to the remote party even though neither side intended it.

🟢

If Mitigated

With devices patched, or with remote control declined and no credentials entered while a session is active, the residual risk is limited to sessions where both parties are trusted and nothing sensitive is displayed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires an active FaceTime remote control session, which the person whose screen is shared has to accept. The remote party then only needs to watch the shared screen while a password field is interacted with; no further technical steps are involved, but there is no way to trigger the exposure without first being granted the session.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2, iPadOS 26.2, macOS Sequoia 15.7.3, visionOS 26.2

Vendor Advisory: https://support.apple.com/en-us/125884

Restart Required: Yes

Instructions:

1. Open the Settings app (iOS, iPadOS, visionOS) or System Settings (macOS).
2. Navigate to General > Software Update.
3. Download and install the latest available update for the device's release line (18.7.3 / 15.7.3 for the older lines, 26.2 for the current ones).
4. Restart the device when prompted.

🔧 Temporary Workarounds

Disable or decline FaceTime Remote Control

Applies to: all platforms

Until the update is installed, do not grant remote control of your screen during FaceTime calls. Remote control must be requested by the other party and accepted on the shared device, so declining the request is sufficient to avoid the exposed code path.

Settings > FaceTime: turn off the remote control option if your version offers one; otherwise decline remote control requests during calls.

Avoid Password Entry During Remote Sessions

Applies to: all platforms

Do not enter passwords or other sensitive information while a FaceTime remote control session is active.

🧯 If You Can't Patch

  • Disable FaceTime remote control functionality entirely in device settings
  • Implement strict policies prohibiting password entry during any remote assistance sessions

🔍 How to Verify

Check if Vulnerable:

Check the installed version (Settings > General > About on iOS, iPadOS and visionOS; Apple menu > About This Mac on macOS) and compare it with the fixed build for the device's own release line. The fix shipped on two lines for iOS, iPadOS and macOS, so the comparison must be branch-aware: an iPhone on iOS 26.1 is vulnerable even though 26.1 is numerically above 18.7.3, and a Mac on Sequoia 15.7.2 is vulnerable even though Tahoe 26.2 is the newer release. Versions on lines that received no fix (for example iOS 17.x or macOS 14.x) should be treated as vulnerable.

Check Version:

Settings > General > About (iOS/iPadOS/visionOS), or Apple menu > About This Mac (macOS). On macOS the version is also available from the command line with `sw_vers -productVersion`.

Verify Fix Applied:

After updating, verify the software version is at or above the fixed build for the device's release line: iOS 18.7.3 or 26.2, iPadOS 18.7.3 or 26.2, macOS Sequoia 15.7.3 or macOS Tahoe 26.2, visionOS 26.2.
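The branch-aware comparison described above is easy to get wrong in a fleet report, because a naive "version >= 18.7.3" check marks every iOS 26.0 and 26.1 device as patched. The following is an added example, not Apple's code or tooling: it encodes the fix versions from the advisory per release line, treats lines with no listed fix as vulnerable, and runs the check over a constructed MDM-style CSV export. The platform keys and the `device,platform,version` column layout are assumptions; adapt them to whatever your inventory actually exports.

```python
"""Branch-aware fix-version check for CVE-2025-43542 (FaceTime remote control).

Added example, not Apple's code. Fix versions are the ones listed in the
advisory; the platform keys and the CSV export format are assumptions.
"""
import csv
import io
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Minimum fixed build per platform and major release line. Apple shipped the
# fix on two lines for iOS/iPadOS/macOS, so a device must be compared against
# the minimum for its own line: 26.1 is numerically above 18.7.3 but unpatched.
# A line with no entry has no fix listed in this advisory; treat it as vulnerable.
FIXED_BUILDS: Dict[str, Dict[int, str]] = {
    "ios":      {18: "18.7.3", 26: "26.2"},
    "ipados":   {18: "18.7.3", 26: "26.2"},
    "macos":    {15: "15.7.3", 26: "26.2"},   # Sequoia 15.7.3, Tahoe 26.2
    "visionos": {26: "26.2"},
}


def parse_version(text: str) -> Version:
    """'18.7.3' -> (18, 7, 3); '26.2' -> (26, 2, 0). Rejects non-numeric input."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def is_vulnerable(platform: str, version: str) -> bool:
    """True if the installed build is below the fixed build for its release line."""
    key = platform.strip().lower()
    if key not in FIXED_BUILDS:
        raise ValueError(f"unknown platform {platform!r}")
    installed = parse_version(version)
    fixed = FIXED_BUILDS[key].get(installed[0])
    if fixed is None:
        return True  # e.g. iOS 17.x, macOS 14.x, visionOS 2.x: no fix listed
    return installed < parse_version(fixed)


def triage_inventory(csv_text: str) -> List[str]:
    """Return device identifiers from an MDM export that still need the update.

    Expected columns: device,platform,version (assumed export format).
    """
    needs_update: List[str] = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if is_vulnerable(row["platform"], row["version"]):
            needs_update.append(row["device"])
    return needs_update


# Constructed sample export for illustration, not real inventory data.
SAMPLE_INVENTORY = """device,platform,version
iphone-01,iOS,18.7.2
iphone-02,iOS,18.7.3
iphone-03,iOS,26.1
iphone-04,iOS,26.2
ipad-01,iPadOS,17.7.2
mac-01,macOS,15.7.3
mac-02,macOS,26.1.1
mac-03,macOS,14.8
vision-01,visionOS,26.2
"""

if __name__ == "__main__":
    for device in triage_inventory(SAMPLE_INVENTORY):
        print(f"{device}: update required")
```

Keying the fix table on the major version is what makes the check correct across both release lines; if Apple later ships a fix for a line not in the table, add that line rather than loosening the "no entry means vulnerable" rule, which is the safe default for an unpatched or unsupported OS.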

📡 Detection & Monitoring

Log Indicators:

  • Authentication events for the victim's accounts from new devices or locations shortly after a FaceTime remote control session
  • Password resets or MFA enrolment changes following remote assistance sessions

Network Indicators:

  • FaceTime remote control session traffic patterns
  • Unusual data transfer from the victim's accounts following remote sessions

SIEM Query:

source="apple-device-logs" AND event="facetime-remote-control" AND (user="*password*" OR sensitive_field="visible")

The query above is illustrative only. Apple devices do not emit a log field recording whether a password field was visible, and FaceTime session telemetry does not record what was shown on screen, so this exposure cannot be detected directly on the device. The reliable control is inventory-based: query your MDM for devices below the fixed build on their release line and treat those as exposed. Downstream signals (logins, resets, MFA changes after a remote session) are the only practical indicators of misuse.
