VYPR
← All advisories
Medium severity6.2NVD Advisory· Published Mar 25, 2026· Updated May 10, 2026

CVE-2026-28833

CVE-2026-28833

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A permissions issue in Apple operating systems allows an app to enumerate a user's installed apps, addressed in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.

Vulnerability

Overview

CVE-2026-28833 is a permissions issue in Apple operating systems that allows an app to enumerate a user's installed applications. The root cause is a missing or insufficient permission check that would normally prevent an app from querying the list of installed apps on the device. Apple addressed this by adding additional restrictions to the relevant system APIs.

Exploitation

An attacker would require an attacker to have an app installed on the target device. No special network position or authentication bypass is needed beyond the app's own capabilities. The vulnerability is local in nature, meaning the attacker must first get the malicious app onto the device through social engineering or other means.

Impact

An attacker exploiting this vulnerability can learn which apps are installed on the user's device. This information can be used to tailor further attacks, such as targeting specific app vulnerabilities or profiling the user. The impact is limited to information disclosure and does not allow code execution or data theft directly.

Mitigation

Apple has released patches for this issue in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4 [1][2][3]. Users are advised to update their devices to the latest available versions. There is no indication of active exploitation in the wild at the time of publication.

References
  1. About the security content of iOS 26.4 and iPadOS 26.4 - Apple Support
  2. About the security content of macOS Tahoe 26.4 - Apple Support
  3. About the security content of visionOS 26.4 - Apple Support

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • Apple Inc./Ipados2 versions
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <26.4
    • (no CPE)range: <26.4
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <26.4
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=26.0,<26.4
    • (no CPE)range: 0
  • Apple Inc./Visionos3 versions
    cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*range: <26.4
    • (no CPE)range: <26.4
    • (no CPE)range: 0
  • Cisco Systems, Inc./Cisco iOSllm-fuzzy
    Range: <26.4
  • Apple Inc./macOS Tahoellm-fuzzy
    Range: <26.4
  • Apple/iOS and iPadOSv5
    Range: 0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.