Medium severity5.3NVD Advisory· Published Nov 4, 2025· Updated Apr 2, 2026

CVE-2025-43444

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A permissions issue in Apple operating systems could allow an app to fingerprint the user by identifying installed apps.

Vulnerability

Overview

CVE-2025-43444 is a permissions issue in Apple operating systems that could allow an app to fingerprint the user. The root cause is a missing restriction that allowed an app to query which other applications are installed on the device, a technique known as app fingerprinting. Apple addressed this by adding additional restrictions to prevent such queries [1][3].

Exploitation

An attacker would need to convince a user to install a malicious app on their device. No additional authentication or network access is required beyond the app's normal permissions. The app could then silently enumerate installed applications, building a unique profile of the user based on their app choices [1][3].

Impact

Successful exploitation allows the app to identify what other apps a user has installed, which can be used to fingerprint the user. This can be used for targeted advertising, phishing, or to infer sensitive information about the user's habits, profession, or interests. The impact is considered medium severity (CVSS 5.3) as it primarily affects privacy rather than data integrity or system availability.

Mitigation

Apple has released patches for this issue in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1 [1][2][3][4]. Users are strongly advised to update their devices to the latest available software versions. No workarounds have been published.

References

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados2 versions
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <26.1
- (no CPE)range: >=18.7.2, >=26.1
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <26.1
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <26.1
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <26.1
Apple Inc./watchOS
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Range: <26.1
Cisco Systems, Inc./Cisco iOSllm-fuzzy
Range: >=18.7.2, >=26.1
Apple Inc./macOS Tahoellm-fuzzy
Range: =26.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000