{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43436", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.124Z", "datePublished": "2025-11-04T01:17:09.977Z", "dateUpdated": "2025-12-18T18:34:08.997Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to enumerate a user's installed apps"}]}], "affected": [{"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps."}], "references": [{"url": "https://support.apple.com/en-us/125637"}, {"url": "https://support.apple.com/en-us/125634"}, {"url": "https://support.apple.com/en-us/125638"}, {"url": "https://support.apple.com/en-us/125639"}, {"url": "https://support.apple.com/en-us/125632"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-12-17T20:46:59.977Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-288", "lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-04T15:14:20.396123Z", "id": "CVE-2025-43436", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T18:34:08.997Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43436", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.124Z", "datePublished": "2025-11-04T01:17:09.977Z", "dateUpdated": "2025-12-18T18:34:08.997Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to enumerate a user's installed apps"}]}], "affected": [{"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps."}], "references": [{"url": "https://support.apple.com/en-us/125637"}, {"url": "https://support.apple.com/en-us/125634"}, {"url": "https://support.apple.com/en-us/125638"}, {"url": "https://support.apple.com/en-us/125639"}, {"url": "https://support.apple.com/en-us/125632"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-12-17T20:46:59.977Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43436", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-04T15:14:20.396123Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T15:16:18.399Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8", "versionEndExcluding": "26.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925", "versionEndExcluding": "26.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "290E0D29-CB5B-45A7-9FE3-FD2030B1D1A4", "versionEndExcluding": "26.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DFD3616-65CA-4E5C-849C-3C20ACBCB610", "versionEndExcluding": "26.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F9D7F76-13FB-407C-94E5-221B93021568", "versionEndExcluding": "26.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps."}], "id": "CVE-2025-43436", "lastModified": "2025-12-17T21:16:03.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-04T02:15:49.467", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125632"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/125634"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125637"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125638"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125639"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-11-04T16:34:08.602918+00:00", "updated": "2025-11-04T16:34:08.602942+00:00", "vendors": ["apple", "apple$PRODUCT$ios", "apple$PRODUCT$ipad_os", "apple$PRODUCT$tvos", "apple$PRODUCT$visionos", "apple$PRODUCT$watch_os"]}