CVE-2025-43452 is a vulnerability discovered in Apple’s iOS and iPadOS platforms where the keyboard suggestion feature can inadvertently display sensitive information on the lock screen. Keyboard suggestions typically provide word or phrase completions based on user input and context, but in this case, the suggestions could leak private data such as previously typed sensitive content, potentially exposing confidential information to anyone with physical access to the locked device. The vulnerability arises because the system did not sufficiently restrict the data used for suggestions when the device was locked. Apple mitigated this issue by limiting the keyboard suggestions available on locked devices, effectively preventing sensitive data from being shown without device authentication. The fix was released in iOS and iPadOS 26.1. There is no CVSS score assigned yet, and no known exploits have been reported in the wild. The vulnerability primarily threatens confidentiality, as it could allow unauthorized viewing of private information without unlocking the device. The attack vector requires physical access to the locked device but does not require user interaction beyond viewing the lock screen. This vulnerability affects all versions prior to 26.1, though exact affected versions are unspecified. Organizations relying on Apple mobile devices should ensure timely updates to mitigate this risk.

For European organizations, the primary impact of CVE-2025-43452 is the potential exposure of sensitive or confidential information through the lock screen on Apple mobile devices. This could lead to data leakage incidents, especially in environments where devices contain sensitive corporate or personal data. The confidentiality breach could undermine privacy regulations such as GDPR if personal data is exposed. Although the vulnerability does not affect device integrity or availability, the unauthorized disclosure of information could facilitate further social engineering or targeted attacks. Organizations with mobile workforces, especially those handling sensitive information on iPhones or iPads, face increased risk. The lack of known exploits reduces immediate threat but does not eliminate risk, as attackers could develop methods to leverage this vulnerability. The impact is heightened in sectors with strict data protection requirements, such as finance, healthcare, and government. Failure to patch could also damage organizational reputation and trust.

European organizations should implement the following specific mitigations: 1) Expedite deployment of iOS and iPadOS 26.1 or later on all corporate-managed Apple devices to ensure the vulnerability is patched. 2) Enforce mobile device management (MDM) policies that mandate automatic updates or restrict device usage if not updated. 3) Educate users about the risks of leaving devices unattended and the importance of physical security to prevent unauthorized access. 4) Disable or limit keyboard suggestions on lock screens via configuration profiles if immediate patching is not feasible. 5) Monitor for unusual access patterns or physical device tampering in sensitive environments. 6) Review and audit data stored or accessible via keyboard suggestions to minimize sensitive data exposure. 7) Incorporate this vulnerability into risk assessments and incident response plans to prepare for potential exploitation. These measures go beyond generic advice by focusing on device management, user awareness, and configuration controls specific to this vulnerability.