Primary

Context

Apple iOS and iPadOS CoreServices Permission Vulnerability Allowing App to Enumerate Installed Apps

Vulnerability

Patched

A permissions vulnerability in the CoreServices component of Apple iOS 26.1 and iPadOS 26.1 allows apps to identify other applications installed by the user. This issue was resolved by implementing additional restrictions. The vulnerability affects iPhone 11 and later models, as well as various iPad models including the iPad Pro (all recent generations), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).

Impact

Exploitation of this vulnerability could lead to unauthorized enumeration of a user's installed applications by a malicious app.

Added: Nov 4, 2025, 2:44 AM

Updated: Nov 4, 2025, 2:44 AM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

3.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

3.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple iOS and iPadOS CoreServices Permission Vulnerability Allowing App to Enumerate Installed Apps

Vulnerability

Impact

Affected Products

Apple iPadOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating