CVE-2026-28882 is a vulnerability in Apple’s iOS and iPadOS platforms that allows an application to enumerate the list of installed apps on a user’s device. This enumeration capability can reveal sensitive information about the user’s app ecosystem, which can be leveraged for profiling, targeted phishing, or further exploitation. The vulnerability arises from insufficient access control checks that previously allowed apps to query installed applications without proper authorization. Apple addressed this issue by implementing improved checks in iOS 26.4 and iPadOS 26.4, as well as in macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. The vulnerability has a CVSS v3.1 base score of 4.0, indicating a medium severity level, with an attack vector limited to local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to confidentiality (C:L), with no impact on integrity or availability. No known exploits have been reported in the wild, suggesting limited active exploitation at this time. However, the ability to enumerate installed apps can aid attackers in crafting more effective social engineering or targeted attacks by understanding the victim’s app usage patterns.

The primary impact of CVE-2026-28882 is a confidentiality breach where an attacker-controlled app can discover which applications are installed on a user’s Apple device. This information can be used to profile users, identify installed security or privacy tools, or tailor phishing and malware campaigns to specific app ecosystems. Although it does not directly compromise system integrity or availability, the information disclosure can facilitate more sophisticated attacks. Organizations with sensitive data accessed via iOS or iPadOS devices may face increased risk of targeted attacks or privacy violations. The vulnerability requires local access to the device but no special privileges or user interaction, meaning any installed malicious app could exploit it. This elevates the risk in environments where users install third-party or unvetted applications. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation.

To mitigate CVE-2026-28882, organizations and users should promptly update all affected Apple devices to iOS 26.4, iPadOS 26.4, or the corresponding patched versions of macOS Tahoe, tvOS, visionOS, and watchOS. Restricting app installation to trusted sources such as the Apple App Store and enforcing mobile device management (MDM) policies can reduce the risk of malicious apps exploiting this vulnerability. Employ app vetting and monitoring solutions to detect suspicious app behaviors that attempt to enumerate installed applications. Educate users about the risks of installing untrusted apps and encourage regular software updates. For enterprise environments, consider deploying endpoint protection solutions that monitor app permissions and behaviors. Additionally, review and tighten app permission policies to limit unnecessary app capabilities. Since the vulnerability does not require user interaction or privileges, minimizing the attack surface by controlling app installations is critical.