Medium severity5.5NVD Advisory· Published Dec 12, 2025· Updated Apr 2, 2026

CVE-2025-46276

Description

An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A permissions issue in Apple operating systems allows an app to access sensitive payment tokens, addressed in multiple updates.

Vulnerability

Details CVE-2025-46276 is a permissions issue in Apple's operating systems that allows an app to access sensitive payment tokens [1][2][4]. The issue was addressed with additional restrictions to improve privacy controls.

Exploitation

An app running on the affected device can exploit this vulnerability without requiring special privileges, as the permissions were insufficiently restricted. The attack vector is local, meaning the app must be installed on the device.

Impact

Successful exploitation could lead to disclosure of sensitive payment tokens, potentially enabling unauthorized transactions or financial fraud.

Mitigation

Apple has released patches in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. Users should update to the latest versions.

References

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./macOS2 versions
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: <14.8.3
- (no CPE)range: Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2
Apple Inc./Visionosllm-fuzzy
Range: 26.2
Cisco Systems, Inc./Cisco iOSllm-fuzzy
Range: 18.7.3, 26.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/125887nvdRelease NotesVendor Advisory
support.apple.com/en-us/125888nvdRelease NotesVendor Advisory
support.apple.com/en-us/125884nvd
support.apple.com/en-us/125885nvd
support.apple.com/en-us/125886nvd
support.apple.com/en-us/125890nvd
support.apple.com/en-us/125891nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000