CVE-2025-46279 is a critical vulnerability affecting Apple iOS, iPadOS, watchOS, macOS Tahoe, visionOS, and tvOS platforms, identified as a permissions issue that allows an app to detect which other apps are installed on a user's device. This issue violates user privacy by enabling unauthorized app enumeration, which can be exploited for profiling users, targeted phishing, or further exploitation by revealing installed security or banking apps. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It has a CVSS v3.1 base score of 9.8, reflecting its critical nature with network attack vector, low attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability. Apple addressed this vulnerability in updates including watchOS 26.2, iOS and iPadOS 18.7.3 and 26.2, macOS Tahoe 26.2, visionOS 26.2, and tvOS 26.2. No known exploits are currently reported in the wild, but the potential for abuse is significant given the sensitive nature of app installation data. The vulnerability allows malicious apps to bypass intended sandbox restrictions and privacy controls, undermining the security model of Apple’s ecosystem. This can lead to targeted attacks, privacy violations, and potentially facilitate more complex multi-stage attacks by revealing the presence of security or financial apps. The issue highlights the importance of strict permission enforcement and app vetting in mobile ecosystems.

For European organizations, this vulnerability poses a significant privacy and security risk. Many enterprises and government agencies rely on Apple devices for secure communications and sensitive data handling. The ability for a malicious app to identify installed apps can lead to targeted spear-phishing, social engineering, or exploitation of known vulnerabilities in those apps. This undermines user privacy and can compromise organizational security postures, especially in sectors such as finance, healthcare, and critical infrastructure. Additionally, the exposure of installed security or enterprise management apps can facilitate evasion or disablement of protective controls. The critical severity and ease of exploitation mean that attackers can leverage this vulnerability remotely without user interaction or elevated privileges, increasing the risk of widespread impact. Compliance with GDPR and other privacy regulations may also be affected if user data is exposed or misused due to this vulnerability.

European organizations should immediately ensure that all Apple devices are updated to the patched OS versions: iOS and iPadOS 18.7.3 or later, watchOS 26.2 or later, macOS Tahoe 26.2 or later, visionOS 26.2 or later, and tvOS 26.2 or later. Organizations should enforce strict mobile device management (MDM) policies to control app installation sources, limiting apps to trusted vendors and enterprise-signed apps only. Application vetting processes should be enhanced to detect apps attempting to enumerate installed apps or access unauthorized data. Network monitoring should be implemented to detect unusual app behaviors or data exfiltration attempts. User awareness training should emphasize the risks of installing untrusted apps. Additionally, organizations should review and tighten app permissions and sandboxing policies where possible. Incident response plans should be updated to include detection and remediation steps for exploitation attempts related to this vulnerability.