CVE-2026-28878 is a privacy vulnerability affecting Apple’s iOS and iPadOS platforms, along with other Apple operating systems such as macOS Sonoma, macOS Tahoe, tvOS, visionOS, and watchOS. The vulnerability arises because an application can enumerate or list all other installed applications on a user’s device. This enumeration capability can reveal sensitive information about the user’s app usage patterns, preferences, and potentially expose them to targeted privacy attacks or profiling. The issue was addressed by Apple through updates that remove or restrict access to this sensitive data, specifically in iOS 18.7.7, iPadOS 18.7.7, and equivalent versions for other Apple OSes. The vulnerability does not appear to allow code execution or privilege escalation but compromises user privacy by leaking information that should be protected. No CVSS score has been assigned, and there are no known exploits in the wild at the time of publication. The vulnerability does not require user authentication or interaction, making it easier for a malicious app to exploit once installed. This vulnerability highlights the risks associated with app sandboxing and inter-app communication on mobile platforms, where information leakage can occur even without direct system compromise.

The primary impact of CVE-2026-28878 is on user privacy. By allowing an app to enumerate installed applications, attackers can profile users based on their app usage, which can lead to targeted phishing, social engineering, or surveillance. For organizations, this could mean exposure of sensitive operational or personal app usage data if employees use vulnerable devices. While it does not directly affect system integrity or availability, the leakage of installed app information can facilitate further attacks or data gathering. Privacy-conscious users and organizations operating in regulated industries (e.g., healthcare, finance) may face compliance risks if such data exposure occurs. The ease of exploitation—requiring only an installed malicious app—raises concerns about app vetting and supply chain security. Although no active exploits are reported, the vulnerability could be leveraged by threat actors to enhance reconnaissance or user profiling capabilities.

Organizations and users should promptly apply the security updates released by Apple, specifically iOS 18.7.7, iPadOS 18.7.7, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. Beyond patching, enterprises should enforce strict app installation policies, limiting apps to those from trusted sources and employing Mobile Device Management (MDM) solutions to control app permissions. Regular audits of installed apps and monitoring for unusual app behavior can help detect potential exploitation attempts. Developers should avoid requesting unnecessary permissions that could facilitate app enumeration. Additionally, organizations should educate users about the risks of installing untrusted apps and encourage the use of privacy features such as app privacy reports. Network-level monitoring for anomalous app behavior may also help in early detection of exploitation attempts.