First published: Mon May 12 2025(Updated: )
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
Credit: Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeDalibor Milanovic Andrew James Gonzalez YingQi Shi @Mas0nShi DBAppSecurity's WeBin labDuy Trần @khanhduytran0 Dayton Pidhirney Atredis PartnersLyutoon YenKoc Saagar Jha Michael DePlante @izobashi Trend Micro Zero Day InitiativeLucas Leong @_wmliang_ Trend Micro Zero Day InitiativeChristian Kohlschütter CVE-2024-8176 Richard Hyunho Im @richeeta Paweł Płatek (Trail BitsAndr.Ess Shehab Khan wac CertiK @CertiK Dave G. Google V8 Security Team Andreas Jaegersberger & Ro Achterberg Nosebeard Labswac Trend Micro Zero Day Initiativerheza @ginggilBesel an anonymous researcher Nan Wang @eternalsakura13 Ignacio Sanmillan @ulexec Jiming Wang Jikai Ren Ivan Fratric Google Project ZeroJuergen Schmied Lynck GmbH秦若涵 崔志伟 崔宝江 Deval Jariwala Guilherme Rambo Best Buddy Apps
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS and iPadOS | <18.5 | 18.5 |
Apple iOS, iPadOS, and macOS | <18.5 | 18.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The severity of CVE-2025-31207 is classified as high due to its potential impact on user privacy and data security.
To fix CVE-2025-31207, update your Apple iOS or iPadOS to version 18.5 or later.
CVE-2025-31207 affects Apple devices running iOS and iPadOS versions prior to 18.5.
CVE-2025-31207 addresses multiple issues including input sanitization improvements, state management, and data privacy concerns.
CVE-2025-31207 is not persistent as it can be mitigated by updating to the latest software version.