Security Vulnerability Report
CVE-2025-43542 CVSS 7.5 HIGH

Published: 2025-12-12 21:15:58
Last Modified: 2026-04-02 19:21:02

Description

This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Tahoe 26.2, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
Apple iOS < 18.7.3
Apple iPadOS < 18.7.3
Apple iOS < 26.2
Apple iPadOS < 26.2
Apple macOS Sequoia < 15.7.3
Apple macOS Tahoe < 26.2
Apple visionOS < 26.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-43542 PoC - FaceTime Password Field Leakage
// Note: This is a conceptual PoC for demonstration purposes
const faceTimeExploit = {
  name: "FaceTime Password Field Exposure",
  cve: "CVE-2025-43542",
  severity: "HIGH",

  // Attack scenario description
  attackScenario: {
    prerequisite: "Attacker has FaceTime contact with victim",
    step1: "Initiate FaceTime call with victim",
    step2: "Request Screen Sharing permission",
    step3: "Wait for victim to enter password in any app",
    step4: "Capture leaked password field from screen stream"
  },

  // Conceptual proof of concept
  pocCode: `
    // Conceptual demonstration (not functional exploit code)
    function demonstrateLeakage() {
      // This vulnerability requires:
      // 1. Active FaceTime connection
      // 2. Screen sharing enabled
      // 3. Victim enters password

      // The bug is in Apple's state management:
      // Password fields should be masked/blacklisted
      // during screen sharing, but they are not.

      // No actual exploit code provided as this is
      // a state management bug in Apple's proprietary software.
      console.log("Vulnerability: Password fields exposed during FaceTime screen sharing");
      console.log("Fix: Update to iOS 18.7.3, macOS 15.7.3, or later versions");
    }`,

  // Detection method
  detection: "Monitor FaceTime screen sharing sessions for password field visibility"
};

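References

https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125885
https://support.apple.com/en-us/125886
https://support.apple.com/en-us/125887 (Release Notes, Vendor Advisory)
https://support.apple.com/en-us/125891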

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43542", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:57.677", "lastModified": "2026-04-02T19:21:02.200", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Tahoe 26.2, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.7.3", "matchCriteriaId": 
"E955E39D-E7C5-4951-BF50-08257F1BAC61"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125885", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125887", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]"}]}}