Apple NetworkExtension Entitlement Check Vulnerability Allowing Apps to Enumerate Installed Apps

Vulnerability

A vulnerability exists in the NetworkExtension framework of Apple products, including visionOS, tvOS, iPadOS, and macOS Sequoia. It allows an app to enumerate a user's installed applications, potentially leading to unauthorized access or misuse of sensitive information. The issue stems from insufficient entitlement checks and has been addressed in the latest software updates.

Impact

Exploitation of this vulnerability could allow an app to access information about all other apps installed on the device, which could be used to infer sensitive user data or application usage patterns.

Remediation

Users can update to the latest versions of iOS, iPadOS, tvOS, macOS Sequoia, or visionOS to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.