CVE-2025-43538
Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logging issue in Apple OSes allowed an app to access sensitive payment tokens; patched in multiple versions.
Vulnerability
A logging issue in Apple's operating systems was addressed with improved data redaction. The vulnerability allowed an app to access sensitive user data, specifically payment tokens, due to improper handling of logging output [1][2][4].
Exploitation
An app running on the affected device could exploit this flaw to read payment tokens from system logs. No special privileges beyond app installation are required, as the issue stems from the system's logging behavior [1][2].
Impact
Successful exploitation could expose sensitive payment tokens, potentially enabling unauthorized transactions or financial data theft.
Mitigation
Apple released patches for iOS 18.7.3, iPadOS 18.7.3, iOS 26.2, iPadOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. Users should update their devices to the latest available versions [1][2][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 18.7.3, = 26.2
Patches
No patches discovered yet.
References
- support.apple.com/en-us/125888 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/125884 (nvd)
- support.apple.com/en-us/125885 (nvd)
- support.apple.com/en-us/125886 (nvd)
- support.apple.com/en-us/125890 (nvd)
- support.apple.com/en-us/125891 (nvd)