Primary

Context

Apple iOS and iPadOS AirDrop Permissions Vulnerability Allowing Access to Persistent Device Identifiers

Vulnerability

Patched

A permissions vulnerability in the AirDrop feature of Apple iOS 18.4 and iPadOS 18.4 allows apps to read persistent device identifiers. This issue has been addressed with additional restrictions on data access. The vulnerability is present in iPhone XS and later models, as well as various iPad Pro, iPad Air, iPad, and iPad mini models.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data, specifically persistent device identifiers.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple iOS and iPadOS AirDrop Permissions Vulnerability Allowing Access to Persistent Device Identifiers

Vulnerability

Impact

Affected Products

Apple iPadOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating