CVE-2025-46306: Processing a maliciously crafted Keynote file may disclose memory contents in Apple iOS and iPadOS
CVE-2025-46306 is a medium severity vulnerability in Apple iOS and iPadOS where processing a maliciously crafted Keynote file can lead to disclosure of memory contents. The flaw is due to insufficient bounds checking (CWE-125) in the Keynote application, potentially allowing an attacker to read sensitive information from device memory. Exploitation requires user interaction to open a malicious Keynote file and can be performed locally on the device. The vulnerability does not allow code execution or data modification but compromises confidentiality. Apple addressed this issue in iOS 26, iPadOS 26, macOS Tahoe 26, and Keynote 15.1 with improved bounds checks. No known exploits are currently in the wild. European organizations using Apple mobile devices are at risk if users open malicious Keynote files, especially in sectors handling sensitive data. Mitigation involves prompt patching to the fixed versions and user awareness to avoid untrusted Keynote files. Countries with high Apple device adoption and significant business or government use of iOS/iPadOS are most likely affected.
AI Analysis
Technical Summary
CVE-2025-46306 is a vulnerability identified in Apple’s Keynote application on iOS and iPadOS platforms, stemming from improper bounds checking (classified as CWE-125). When a user opens a maliciously crafted Keynote file, the application may read and disclose memory contents beyond intended boundaries. This memory disclosure can leak sensitive information residing in the device’s memory, potentially including cryptographic keys, personal data, or other confidential information. The vulnerability requires user interaction, specifically opening a malicious file, and does not require privileges or authentication. The CVSS v3.1 score is 5.5 (medium severity), reflecting the local attack vector, low complexity, no privileges required, but user interaction needed, and high impact on confidentiality with no impact on integrity or availability. Apple fixed the issue by implementing improved bounds checks in iOS 26, iPadOS 26, macOS Tahoe 26, and Keynote 15.1. No public exploits or active exploitation have been reported. The vulnerability highlights the risks of processing untrusted document files on mobile devices, especially in environments where sensitive data is handled. Given the widespread use of Apple devices in enterprise and government sectors, this vulnerability could be leveraged for targeted information disclosure attacks if unpatched devices open malicious Keynote presentations.
Potential Impact
For European organizations, this vulnerability poses a confidentiality risk, particularly for sectors such as finance, government, healthcare, and legal services where sensitive data is frequently accessed on mobile Apple devices. An attacker could craft a malicious Keynote file and trick users into opening it, leading to unauthorized disclosure of memory contents that may include sensitive credentials, personal data, or proprietary information. Although the vulnerability does not allow code execution or system compromise, the leaked information could facilitate further attacks such as phishing, identity theft, or lateral movement within networks. The requirement for user interaction limits mass exploitation but targeted spear-phishing campaigns could be effective. Organizations relying heavily on iOS and iPadOS devices without timely patching are at increased risk. The impact is heightened in environments where mobile devices are used for confidential communications or document handling.
Mitigation Recommendations
1. Deploy updates promptly: Ensure all iOS, iPadOS, macOS, and Keynote applications are updated to versions 26 and above or Keynote 15.1 or later, which contain the fix for this vulnerability.
2. User education: Train users to be cautious when opening Keynote files from untrusted or unknown sources, emphasizing the risks of malicious documents.
3. Email filtering and sandboxing: Implement advanced email security solutions that can detect and block malicious attachments or sandbox them before delivery.
4. Mobile device management (MDM): Use MDM solutions to enforce update policies and restrict installation of unapproved applications or files.
5. Network segmentation: Limit access of mobile devices to sensitive systems and data to reduce the impact of potential information disclosure.
6. Incident response readiness: Prepare to detect and respond to suspicious activities that may arise from exploitation attempts, such as unusual data access or exfiltration attempts.
7. Application whitelisting: Where feasible, restrict the use of Keynote or document apps to trusted versions and sources only.
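For recommendations 1 and 4, the following added example (not part of the original advisory and not Apple or vendor code) audits a device inventory against the fixed versions named on this page. The inventory records and field names are constructed for illustration, and the check assumes the conservative reading that both the OS and any installed Keynote app must be at the fixed version.

```python
# Fixed versions as stated on this page.
FIXED_OS = {"iOS": (26,), "iPadOS": (26,), "macOS": (26,)}
FIXED_KEYNOTE = (15, 1)
# Constructed sample inventory (hypothetical field names, not a real MDM export).
INVENTORY = [
    {"device": "ipad-legal-07", "platform": "iPadOS", "os": "18.6.2", "keynote": "14.4"},
    {"device": "iphone-fin-12", "platform": "iOS", "os": "26.0", "keynote": "15.0"},
    {"device": "mac-exec-03", "platform": "macOS", "os": "26.0.1", "keynote": "15.1"},
    {"device": "iphone-hr-02", "platform": "iOS", "os": "26.1", "keynote": None},
    {"device": "ipad-lab-01", "platform": "iPadOS", "os": "beta", "keynote": "15.1"},
]

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except (AttributeError, ValueError):
        return None

def at_least(version, minimum):
    """Compare after zero-padding, so (26,) and (26, 0) are treated as equal."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)

def findings(record):
    """List the reasons a device still needs attention (empty list = compliant)."""
    reasons = []
    minimum = FIXED_OS.get(record["platform"])
    os_version = parse_version(record["os"])
    if minimum is None:
        reasons.append("unknown platform")
    elif os_version is None:
        reasons.append("unparseable OS version")  # fail closed: treat as unpatched
    elif not at_least(os_version, minimum):
        reasons.append(f"{record['platform']} {record['os']} < 26")
    if record["keynote"] is not None:  # None means Keynote is not installed
        app = parse_version(record["keynote"])
        if app is None:
            reasons.append("unparseable Keynote version")
        elif not at_least(app, FIXED_KEYNOTE):
            reasons.append(f"Keynote {record['keynote']} < 15.1")
    return reasons

def audit(inventory):
    """Map device name -> reasons, only for devices with at least one finding."""
    return {r["device"]: f for r in inventory if (f := findings(r))}

print(audit(INVENTORY))
```

Devices whose version strings cannot be parsed are reported rather than skipped, so a malformed inventory entry never counts as patched.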
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Norway, Denmark, Finland, Ireland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2025-04-22T21:13:49.960Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 697a4c814623b1157cded9c9
Added to database: 1/28/2026, 5:50:57 PM
Last enriched: 2/5/2026, 8:57:18 AM
Last updated: 2/7/2026, 3:45:22 AM