CVE-2025-30426 is a high-severity vulnerability affecting Apple’s iOS, iPadOS, and related operating systems, allowing malicious applications to enumerate all installed apps on a user's device. This vulnerability stems from inadequate entitlement checks that fail to restrict app access to the list of installed applications. Such enumeration can reveal sensitive information about the user’s software environment, potentially exposing installed security tools, banking apps, or enterprise applications, which attackers can leverage for targeted attacks or social engineering. The vulnerability has a CVSS 3.1 base score of 9.8, reflecting its critical impact on confidentiality, integrity, and availability without requiring any privileges or user interaction. Apple has remediated this issue by introducing stricter entitlement checks in iOS 18.4, iPadOS 18.4 and 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, and watchOS 11.4. While no exploits have been observed in the wild, the vulnerability’s nature makes it a prime candidate for reconnaissance activities by attackers aiming to profile devices for further exploitation. The CWE-200 classification confirms this as an information disclosure vulnerability. Organizations using Apple devices should assess their device OS versions and apply updates promptly to mitigate risk.

The primary impact of CVE-2025-30426 is unauthorized information disclosure, allowing attackers to gain insight into the installed applications on a user’s Apple device. This can compromise user privacy and enable attackers to identify high-value targets such as banking, corporate, or security applications. With this knowledge, attackers can tailor phishing campaigns, develop targeted malware, or exploit other vulnerabilities specific to those apps. The vulnerability’s critical severity and lack of required privileges or user interaction mean that any malicious app installed on a device can exploit it, increasing the attack surface significantly. For organizations, this can lead to data breaches, loss of intellectual property, and erosion of trust. Additionally, the ability to enumerate installed apps can facilitate lateral movement and persistence in enterprise environments. The broad range of affected Apple platforms means that users across consumer, enterprise, and government sectors are at risk if devices are not updated.

Organizations and users should immediately update affected Apple devices to the patched versions: iOS 18.4, iPadOS 18.4 and 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, and watchOS 11.4. Beyond patching, enterprises should enforce strict app installation policies, limiting apps to those from trusted sources and using Mobile Device Management (MDM) solutions to control app permissions. Monitoring app behavior for unusual access patterns to system information can help detect exploitation attempts. Developers should review app entitlement configurations to ensure no unnecessary permissions are granted. Security teams should educate users about the risks of installing untrusted apps and implement network-level controls to detect and block suspicious communications originating from compromised devices. Regular audits of device OS versions and installed applications will help maintain compliance and reduce exposure.