- Description
- An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.
- Source
- product-security@apple.com
- NVD status
- Modified
- Products
- ipados, iphone_os
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-200
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF4C0EE-C67C-4BA1-BB50-C51DEC72E486",
"versionEndExcluding": "18.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E2601B-7453-4C8B-A307-EF7BC5BF2E84",
"versionEndExcluding": "26.3",
"versionStartIncluding": "26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273784FD-F8F0-466D-AF6E-5511FF3781B7",
"versionEndExcluding": "18.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951073F9-924E-4D9C-8DA1-64E284326CC5",
"versionEndExcluding": "26.3",
"versionStartIncluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]