CVE-2025-46308

Vulnerability

An authorization issue in the state management of iOS, iPadOS, and macOS allows an app to access sensitive user data that should be protected. This issue is present in versions prior to iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. The underlying problem is a logging issue where sensitive data is not properly redacted, as described in the security advisories [1][2].

Exploitation

An attacker would need to have an app installed on the device. No special privileges or user interaction beyond normal app usage are required. The app can exploit the authorization flaw to access sensitive data that is improperly logged or exposed due to state management issues.

Impact

Successful exploitation allows the app to leak sensitive user information, such as personal data. The impact is information disclosure, potentially compromising user privacy.

Mitigation

Apple fixed the issue in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, released March 31, 2025. Users should update to these versions. No workarounds are mentioned in the available references [1][2].