CVE-2026-20674
📋 TL;DR
This CVE describes a privacy vulnerability in iOS/iPadOS where an attacker with physical access to a locked device could view sensitive user information. The issue affects users with devices running vulnerable versions of iOS/iPadOS before the fix. Apple has addressed this by removing the sensitive data exposure in the patched versions.
💻 Affected Systems
- iPhone
- iPad
📦 What is this software?
iPadOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker with brief physical access to a locked device could extract sensitive personal information such as contacts, messages, photos, or authentication tokens without unlocking the device.
Likely Case
Someone with temporary physical access (like a thief, colleague, or family member) could view private information on a locked device they shouldn't have access to.
If Mitigated
With proper physical security controls and updated software, the risk is minimal as the vulnerability requires physical device access.
🎯 Exploit Status
Exploitation requires physical access to a locked device. No authentication bypass is needed beyond having the device in hand. The complexity is medium as it likely involves specific device interactions while locked.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 26.3, iPadOS 26.3
Vendor Advisory: https://support.apple.com/en-us/126346
Restart Required: No
Instructions:
1. Open the Settings app.
2. Go to General > Software Update.
3. Download and install iOS/iPadOS 26.3 or later.
4. The device will restart automatically during installation.
🔧 Temporary Workarounds
Enable Stronger Lock Screen Security
iOS/iPadOS: Configure the device to require a passcode immediately and disable lock screen access to sensitive features.
Settings > Face ID & Passcode > Require Passcode: Immediately
Settings > Face ID & Passcode > Disable lock screen access to features like Siri, Today View, or Control Center
🧯 If You Can't Patch
- Implement strict physical security controls for devices: never leave devices unattended in public or unsecured areas
- Enable remote wipe capabilities and ensure devices are enrolled in MDM with strict lock policies
🔍 How to Verify
Check if Vulnerable:
Check if iOS/iPadOS version is earlier than 26.3 in Settings > General > About > Software Version
Check Version:
Settings > General > About > Software Version (no CLI command available on iOS/iPadOS)
Verify Fix Applied:
Verify the device is running iOS/iPadOS 26.3 or later in Settings > General > About > Software Version
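Since the device itself offers no CLI, the version check is easiest to script from a host. The script below is an added example, not part of the advisory: it compares a dotted version string against the fixed release 26.3 component by component (so 26.3.1 counts as patched and 26.2.9 as vulnerable), and parses the version out of "Key: value" lines such as those printed by ideviceinfo from libimobiledevice (that output format is an assumption; the sample lines are constructed).

```shell
#!/bin/sh
# Added example (not from the advisory): host-side check of an iOS/iPadOS
# version string against the first fixed release named in the advisory.

FIXED_VERSION="26.3"

# version_ge A B: return 0 when dotted version A >= B, comparing
# component by component numerically; missing components count as 0
# (so 26.3.1 >= 26.3 and 26.3 >= 26.3.0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            xb = (i <= nb) ? y[i] + 0 : 0
            if (xa > xb) exit 0
            if (xa < xb) exit 1
        }
        exit 0
    }'
}

# is_vulnerable VERSION: return 0 when VERSION is below the fixed release.
is_vulnerable() {
    if version_ge "$1" "$FIXED_VERSION"; then return 1; else return 0; fi
}

# version_status VERSION: print PATCHED or VULNERABLE.
version_status() {
    if is_vulnerable "$1"; then echo "VULNERABLE"; else echo "PATCHED"; fi
}

# product_version_from_info: read "Key: value" lines on stdin (the format
# ideviceinfo prints, assumed here) and print the ProductVersion value.
product_version_from_info() {
    sed -n 's/^ProductVersion: *//p' | head -n 1
}

# Constructed sample of ideviceinfo-style output for an unpatched device.
SAMPLE_INFO="DeviceName: Example iPhone
ProductType: iPhone00,0
ProductVersion: 26.2"

main() {
    v=$(printf '%s\n' "$SAMPLE_INFO" | product_version_from_info)
    echo "sample device version $v: $(version_status "$v")"
    # Live use with a USB-connected device and libimobiledevice installed:
    #   ideviceinfo | product_version_from_info
}
main
```

The numeric, component-wise comparison matters because a plain string comparison would rank 26.10 below 26.3; the awk exit code becomes the function's return value, so the helpers compose with ordinary shell conditionals.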
📡 Detection & Monitoring
Log Indicators:
- Unusual device access patterns while locked
- Multiple failed unlock attempts followed by successful information access
Network Indicators:
- None: this is a local physical-access vulnerability
SIEM Query:
Device logs showing lock screen bypass or unauthorized access to protected data while device was reported as locked