Security Vulnerability Report
中文
CVE-2025-46288 CVSS 5.5 MEDIUM

CVE-2025-46288

Published: 2025-12-17 21:16:14
Last Modified: 2026-04-02 19:21:04
Source: [email protected]

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* - VULNERABLE
Apple iOS < 26.2
Apple iPadOS < 26.2
Apple macOS Tahoe < 26.2
Apple visionOS < 26.2
Apple watchOS < 26.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-46288 PoC - Permission bypass for payment token access // Note: This is a conceptual demonstration for security research purposes only // Actual exploitation requires specific conditions on affected Apple devices // Simulated attack scenario demonstrating the vulnerability function exploitPaymentTokenAccess() { console.log("[*] CVE-2025-46288 PoC - Apple Payment Token Access"); console.log("[*] Target: iOS/iPadOS/macOS/visionOS/watchOS < 26.2"); // Step 1: Check if running on vulnerable version const isVulnerable = checkVulnerableVersion(); if (!isVulnerable) { console.log("[-] Device is not vulnerable or already patched"); return false; } // Step 2: Attempt to access payment token through vulnerable path console.log("[*] Attempting to access payment tokens..."); const paymentTokens = attemptTokenAccess(); // Step 3: Extract sensitive payment information if (paymentTokens && paymentTokens.length > 0) { console.log("[!] Successfully accessed payment tokens"); paymentTokens.forEach(token => { console.log("Token ID:", token.id); console.log("Payment Method:", token.method); }); return true; } console.log("[-] Access denied - vulnerability may be patched"); return false; } function checkVulnerableVersion() { // Check OS version against affected versions const currentVersion = getSystemVersion(); const affectedVersions = ['26.2']; return !affectedVersions.includes(currentVersion); } function attemptTokenAccess() { // Simulated token access through vulnerable code path // In real scenario, this would exploit improper permission checks return null; // Placeholder } // Mitigation: Update to iOS 26.2, iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, or watchOS 26.2

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-46288", "sourceIdentifier": "[email protected]", "published": "2025-12-17T21:16:14.010", "lastModified": "2026-04-02T19:21:04.020", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EA029506-5678-444B-93B5-27DAD643A1C0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "6276FDCA-3407-4FDD-8437-B57C98A97084"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EB10D901-4800-4DF9-AB35-48017C178161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "15574823-ECE0-4394-99BC-6AFA34E599CC"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125890", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.