CVE-2025-43436

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-43436

CWE

https://cwe.mitre.org/data/definitions/288.html

A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a users installed apps.

Weakness

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	26.1 (excluding)
Iphone_os	Apple	*	26.1 (excluding)
Tvos	Apple	*	26.1 (excluding)
Visionos	Apple	*	26.1 (excluding)
Watchos	Apple	*	26.1 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/127.html
https://cwe.mitre.org/data/definitions/665.html

References

https://support.apple.com/en-us/125632
https://support.apple.com/en-us/125634
https://support.apple.com/en-us/125637
https://support.apple.com/en-us/125638
https://support.apple.com/en-us/125639

Authentication Bypass Using an Alternate Path or Channel

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References