Apple CloudKit Entitlement Check Vulnerability Allowing User Fingerprinting

Vulnerability

A vulnerability exists in the CloudKit framework of various Apple operating systems, including visionOS 26, tvOS 26, iOS 26, iPadOS 26, and watchOS 26. This vulnerability allows apps to fingerprint users by exploiting insufficient entitlement checks. The issue has been addressed in the respective updates for each operating system.

Impact

Exploitation of this vulnerability could lead to unauthorized user fingerprinting, allowing apps to track or identify users based on their device usage or characteristics.

Added: Nov 4, 2025, 3:30 AM
Updated: Nov 4, 2025, 3:30 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.