CVE-2025-46292
Description
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A permissions issue in iOS and iPadOS allowed an app to access sensitive user data; patched in iOS 18.7.3 and 26.2.
Root
Cause
CVE-2025-46292 is a permissions issue in iOS and iPadOS that was addressed with additional entitlement checks and restrictions. The vulnerability originates from insufficient enforcement of entitlements, which permitted an app to bypass privacy boundaries. [1][2]
Exploitation
An attacker would need to have a malicious app installed on a vulnerable device. No additional user interaction beyond launching the app would be required. The attack surface is local, meaning the app must be run on the user's device. [1]
Impact
A successful exploit could allow the app to access sensitive payment tokens or other user-sensitive data. Apple's advisory describes the impact as 'An app may be able to access sensitive payment tokens' for iOS 26.2/iPadOS 26.2, and a general data access for iOS 18.7.3/iPadOS 18.7.3. [1][2]
Mitigation
Apple has released fixes in iOS 18.7.3 and iPadOS 18.7.3 as well as iOS 26.2 and iPadOS 26.2. Users should update to the latest versions. There is no mention of a workaround. [1]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <18.7.3
- (no CPE)range: <18.7.3, <26.2
- Range: <18.7.3, <26.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- support.apple.com/en-us/125884nvdRelease NotesVendor Advisory
- support.apple.com/en-us/125885nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.