
CVE-2025-46287: An attacker may be able to spoof their FaceTime caller ID in Apple iOS and iPadOS

Severity: Critical
Tags: Vulnerability, CVE-2025-46287, cve, cve-2025-46287
Published: Fri Dec 12 2025 (12/12/2025, 20:56:48 UTC)
Source: CVE Database V5
Vendor/Project: Apple
Product: iOS and iPadOS

Description

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.

AI-Powered Analysis

Last updated: 12/19/2025, 22:36:21 UTC

Technical Analysis

CVE-2025-46287 is a critical security vulnerability identified in Apple’s FaceTime service across iOS, iPadOS, watchOS, macOS, and visionOS platforms. The root cause is an inconsistent user interface state management issue (classified under CWE-451), which allows an attacker to spoof the caller ID displayed during FaceTime calls. This means an attacker can impersonate another user’s identity, potentially a trusted contact, without needing any privileges or user interaction, making the attack remotely exploitable over the network. The vulnerability compromises confidentiality by misleading users about the caller’s identity, integrity by falsifying communication metadata, and availability by potentially enabling denial or disruption of legitimate communications. Apple addressed this issue by improving state management in the user interface, releasing patches in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3, iPadOS 18.7.3, and other related OS versions. Despite no known exploits in the wild, the vulnerability’s CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates it is easy to exploit remotely without authentication or user interaction, with a full impact on confidentiality, integrity, and availability. The vulnerability affects unspecified versions of Apple’s operating systems prior to the patched releases, necessitating urgent updates. This flaw can be leveraged in social engineering, phishing, or targeted attacks to deceive users and gain unauthorized access or disrupt communications.

Potential Impact

For European organizations, the impact of CVE-2025-46287 is significant due to the widespread use of Apple devices in both consumer and enterprise environments. Spoofing FaceTime caller IDs can facilitate sophisticated social engineering attacks, enabling attackers to impersonate trusted contacts or executives to extract sensitive information or deploy malware. Confidential communications may be intercepted or manipulated, undermining trust in internal and external communications. The integrity of communication channels is compromised, potentially leading to fraudulent transactions or unauthorized access to corporate resources. Availability may also be affected if attackers disrupt or flood FaceTime services. Sectors such as finance, government, healthcare, and critical infrastructure in Europe are particularly vulnerable due to their reliance on secure communications and the high value of their data. The lack of required user interaction or privileges lowers the barrier for exploitation, increasing the risk of widespread attacks if patches are not applied promptly.

Mitigation Recommendations

European organizations should immediately deploy the latest security updates from Apple for all affected operating systems, including iOS 18.7.3, iPadOS 18.7.3, watchOS 26.2, macOS Sonoma 14.8.3, and others as applicable. Beyond patching, organizations should implement strict verification protocols for FaceTime communications, such as secondary confirmation via alternative channels for sensitive or unexpected calls. Security awareness training should emphasize the risk of caller ID spoofing and encourage users to verify identities before sharing sensitive information. Network-level monitoring for anomalous FaceTime traffic patterns can help detect potential exploitation attempts. Enterprises should consider restricting FaceTime usage on corporate devices or enforcing policies that limit FaceTime to trusted contacts only. Additionally, integrating endpoint detection and response (EDR) solutions capable of identifying suspicious activity related to communication spoofing can enhance defense. Regular audits of device OS versions and compliance with update policies are critical to maintaining security posture.
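The OS-version audit recommended above can be scripted against the fixed releases listed in the Description. The following is an added example, not code from Apple or from this database; the inventory format, hostnames and sample versions are constructed, and it assumes that a major branch newer than every listed fix already contains the fix.

```python
# Added example: audit a device inventory against the fixed releases named in
# the advisory description. Inventory rows below are constructed sample data.

# Fixed releases from the advisory, keyed by (platform, major branch).
FIXED = {
    ("iOS", 18): (18, 7, 3), ("iOS", 26): (26, 2, 0),
    ("iPadOS", 18): (18, 7, 3), ("iPadOS", 26): (26, 2, 0),
    ("macOS", 14): (14, 8, 3), ("macOS", 15): (15, 7, 3), ("macOS", 26): (26, 2, 0),
    ("watchOS", 26): (26, 2, 0), ("visionOS", 26): (26, 2, 0),
}

def parse_version(text):
    """'26.2' -> (26, 2, 0): pad to three components so tuples compare correctly."""
    parts = [int(p) for p in text.strip().split()[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'no-fix-listed' for one device."""
    v = parse_version(version)
    fixed = FIXED.get((platform, v[0]))
    if fixed is None:
        # Assumption: a branch newer than every listed fix contains the fix.
        # An older or unknown branch has no fixed release in the advisory.
        majors = [m for (p, m) in FIXED if p == platform]
        return "patched" if majors and v[0] > max(majors) else "no-fix-listed"
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory):
    """Return rows needing action as (hostname, platform, version, status)."""
    findings = []
    for host, platform, version in inventory:
        status = classify(platform, version)
        if status != "patched":
            findings.append((host, platform, version, status))
    return findings

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("iphone-fin-01", "iOS", "18.7.3"),
    ("iphone-fin-02", "iOS", "18.7.2"),
    ("ipad-exec-01", "iPadOS", "26.1"),
    ("mac-dev-01", "macOS", "15.7.3"),
    ("mac-dev-02", "macOS", "13.7.8"),
    ("watch-01", "watchOS", "26.2"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row)
```

Devices reported as `no-fix-listed` are on a branch for which the advisory names no fixed release, so they need a major-version upgrade or a compensating control rather than a point update.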


Technical Details

Data Version: 5.2
Assigner Short Name: apple
Date Reserved: 2025-04-22T21:13:49.959Z
Cvss Version: null
State: PUBLISHED

Threat ID: 693c8581f55ccbd2c799d98d

Added to database: 12/12/2025, 9:13:37 PM

Last enriched: 12/19/2025, 10:36:21 PM

Last updated: 2/7/2026, 6:34:35 PM
