CVE-2025-30426
Published: 31 March 2025
Description
Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment.
Security Summary
CVE-2025-30426 is a vulnerability in Apple operating systems that allows an installed app to enumerate a user's other installed apps due to missing entitlement checks. Affected platforms include iOS versions prior to 18.4, iPadOS versions prior to 18.4 and 17.7.6, macOS Sequoia versions prior to 15.4, tvOS versions prior to 18.4, visionOS versions prior to 2.4, and watchOS versions prior to 11.4. Published on 2025-03-31, the issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
As recorded, the CVSS vector claims a network attack vector with no privileges and no user interaction, but that does not match the path the advisory actually describes: the attacker first has to get a malicious app installed on the device (in practice, by persuading the user to install it), and only then can that app read the full list of installed apps without the entitlement Apple intended to require. The advisory describes only information disclosure; nothing in it supports the High integrity and availability components of the vector, so treat the 9.8 as a scoring artefact rather than a measure of severity. The leaked inventory is still useful to an attacker: it fingerprints the device and reveals which security, MDM, MFA or financial apps are present, which is exactly the reconnaissance that Software Discovery describes and which can be used to tailor later phishing or payloads.
Apple addressed the vulnerability through additional entitlement checks, with fixes released in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, and watchOS 11.4. Apple's security advisories for these releases are at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122376, and https://support.apple.com/en-us/122377. Practitioners should prioritize updating affected devices to these versions; note that iPadOS has two fixed branches, so a device on 17.7.6 or later is patched even though it is below 18.4. On macOS the installed version can be confirmed with `sw_vers -productVersion`; for the other platforms the version is best read from the MDM inventory.
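The following fleet-triage helper is an added example, not code from Apple or from this advisory page. It takes the fixed releases listed above and classifies a constructed MDM-style device inventory into patched, unpatched, and "no fix listed" buckets, handling the two iPadOS branches. The platform labels, the bucket names, and the rule that a major release newer than every fixed branch is treated as patched are assumptions of the example.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Minimum fixed release per platform and major-version branch, as listed in
# Apple's advisory for CVE-2025-30426. iPadOS has two fixed branches.
FIXED: Dict[str, Dict[int, Version]] = {
    "iOS": {18: (18, 4)},
    "iPadOS": {17: (17, 7, 6), 18: (18, 4)},
    "macOS": {15: (15, 4)},
    "tvOS": {18: (18, 4)},
    "visionOS": {2: (2, 4)},
    "watchOS": {11: (11, 4)},
}

PATCHED, UNPATCHED, NO_FIX_LISTED = "patched", "unpatched", "no_fix_listed"


def parse_version(text: str) -> Version:
    """Extract the dotted numeric version from an MDM-style string.

    Accepts plain '17.7.6' as well as '15.4 (24E248)'; the build tag is ignored.
    Tuple comparison handles differing lengths: (15, 3, 2) < (15, 4).
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(platform: str, version: str) -> str:
    """Classify one device against the fixed releases.

    Returns PATCHED, UNPATCHED (below the fix on a branch that has one), or
    NO_FIX_LISTED (a major release older than every fixed branch, e.g. macOS 14,
    treated as exposed because the advisory names no fix for it).
    Assumption (not from the advisory): a major release newer than every fixed
    branch (e.g. iOS 19) carries the fix.
    """
    branches = FIXED.get(platform)
    if branches is None:
        raise ValueError(f"platform not covered by CVE-2025-30426: {platform}")
    v = parse_version(version)
    major = v[0]
    if major in branches:
        return UNPATCHED if v < branches[major] else PATCHED
    return PATCHED if major > max(branches) else NO_FIX_LISTED


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group device IDs by assessment so the non-patched buckets can be actioned."""
    buckets: Dict[str, List[str]] = {PATCHED: [], UNPATCHED: [], NO_FIX_LISTED: []}
    for device_id, platform, version in inventory:
        buckets[assess(platform, version)].append(device_id)
    return buckets


# Constructed sample inventory (device id, platform, OS version as an MDM export
# might report it). These are not real devices.
INVENTORY = [
    ("mac-01", "macOS", "15.3.2 (24D81)"),
    ("mac-02", "macOS", "15.4"),
    ("mac-03", "macOS", "14.7.5"),
    ("ipad-01", "iPadOS", "17.7.5"),
    ("ipad-02", "iPadOS", "17.7.6"),
    ("ipad-03", "iPadOS", "18.3.2"),
    ("iphone-01", "iOS", "18.4"),
    ("watch-01", "watchOS", "11.3.1"),
    ("vision-01", "visionOS", "2.4"),
]

if __name__ == "__main__":
    for status, ids in triage(INVENTORY).items():
        print(f"{status:14s} {', '.join(ids) or '-'}")
```

The "no fix listed" bucket is deliberate: a macOS 14 host is not below a fixed version, but the advisory names no fix for that branch, so it should be reviewed rather than silently counted as patched.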
Details
- CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
- Affected Products: iOS < 18.4; iPadOS < 17.7.6 (17.x branch) and < 18.4 (18.x branch); macOS Sequoia < 15.4; tvOS < 18.4; visionOS < 2.4; watchOS < 11.4
- MITRE ATT&CK Enterprise Techniques: T1518 (Software Discovery)
Why these techniques?
The vulnerability directly enables enumeration of installed applications by a malicious app, mapping to Software Discovery (T1518) for reconnaissance of victim host software.