CVE-2025-46279

3.3 LOW

📋 TL;DR

This CVE describes an information disclosure vulnerability in Apple operating systems where an app could identify what other apps a user has installed. It affects users of iOS, iPadOS, watchOS, macOS, visionOS, and tvOS who haven't updated to the patched versions.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • watchOS
  • macOS
  • visionOS
  • tvOS
Versions: Versions prior to the patched releases listed in the CVE description
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable until patched.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could profile a user's device, potentially identifying sensitive apps (banking, healthcare, etc.) and using this information for targeted social engineering or spear-phishing attacks.

🟠 Likely Case

Malicious apps or compromised legitimate apps could collect information about installed applications for advertising profiling or to identify potential targets for further exploitation.

🟢 If Mitigated

With proper app sandboxing and the patch applied, apps cannot access information about other installed applications beyond what's explicitly permitted.

🌐 Internet-Facing: LOW - This vulnerability requires local app execution and doesn't directly expose systems to remote exploitation.
🏢 Internal Only: MEDIUM - While not a direct privilege escalation, the information disclosure could facilitate more targeted attacks within an organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - The vulnerability appears to be a straightforward permissions bypass that apps could leverage.

Exploitation requires a malicious or compromised app to be installed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2

Vendor Advisory: https://support.apple.com/en-us/125884

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Go to General > Software Update.
3. Download and install the latest available update for your device.
4. Restart device when prompted.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources and review app permissions carefully.

🧯 If You Can't Patch

  • Implement mobile device management (MDM) to control app installations and monitor for suspicious behavior.
  • Educate users about the risks of installing untrusted apps and regularly review installed applications.

🔍 How to Verify

Check if Vulnerable:

Check your device's current OS version against the patched versions listed in the CVE description.

Check Version:

  • iOS/iPadOS: Settings > General > About > Version
  • macOS: Apple menu > About This Mac
  • watchOS: Watch app on iPhone > General > About
  • tvOS: Settings > General > About
  • visionOS: Settings > General > About

Verify Fix Applied:

Verify your device is running one of the patched versions: watchOS 26.2+, iOS 18.7.3+, iPadOS 18.7.3+, iOS 26.2+, iPadOS 26.2+, macOS Tahoe 26.2+, visionOS 26.2+, or tvOS 26.2+.
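
The same check applied to a device inventory, as an added example that is not part of the original page or of Apple's advisory. It uses only the fixed releases listed above; the function names and the sample inventory rows are constructed for illustration. iOS and iPadOS have two fixed branches, so a single "greater than or equal" comparison would wrongly pass 26.0 and 26.1.

```python
# Fixed releases per platform, as listed on this page. iOS and iPadOS have
# two fixed branches (18.x and 26.x), so one ">=" comparison is not enough.
FIXED = {
    "iOS": ["18.7.3", "26.2"],
    "iPadOS": ["18.7.3", "26.2"],
    "watchOS": ["26.2"],
    "macOS": ["26.2"],
    "visionOS": ["26.2"],
    "tvOS": ["26.2"],
}

def parse(version):
    """Turn '18.7.3' into (18, 7, 3), padding to three parts so 26.2 == 26.2.0."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def is_fixed(platform, version):
    """True if the version is at or above a fixed release on its own branch."""
    fixes = [parse(f) for f in FIXED[platform]]
    current = parse(version)
    same_branch = [f for f in fixes if f[0] == current[0]]
    if same_branch:
        return current >= same_branch[0]
    # No fixed release shares this major version: only releases newer than
    # every listed fix count as fixed; older branches have no listed fix.
    return current > max(fixes)

def unpatched(inventory):
    """Return the (device, platform, version) rows that still need the update."""
    return [row for row in inventory if not is_fixed(row[1], row[2])]

# Constructed sample inventory, e.g. exported from an MDM (not real devices).
SAMPLE = [
    ("phone-01", "iOS", "18.7.3"),   # fixed on the 18.x branch
    ("phone-02", "iOS", "26.1"),     # newer than 18.7.3 but below 26.2
    ("pad-01", "iPadOS", "18.7.2"),
    ("mac-01", "macOS", "15.7.2"),   # no fix listed on this page for 15.x
    ("mac-02", "macOS", "26.2"),
    ("watch-01", "watchOS", "26.2.1"),
]

if __name__ == "__main__":
    for device, platform, version in unpatched(SAMPLE):
        print(f"{device}: {platform} {version} is below the fixed release")
```

Devices on a major version with no fixed release listed on this page (for example macOS releases before Tahoe) are reported as unpatched, which matches the verification rule above.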

📡 Detection & Monitoring

Log Indicators:

  • Unusual app behavior attempting to query installed applications list
  • Apps requesting permissions beyond their stated functionality

Network Indicators:

  • Suspicious data exfiltration to unknown domains from mobile devices

SIEM Query:

Look for events where apps are accessing system APIs related to installed applications enumeration without proper authorization.
