Primary

Context

Apple iOS and iPadOS Face ID Enrollment Passcode Requirement Vulnerability

Vulnerability

Patched

A logic vulnerability has been identified in Apple iOS and iPadOS, specifically in versions prior to 26.2. This issue arises when restoring from a backup, which may delay the requirement for a passcode immediately after enrolling in Face ID. The vulnerability could potentially be exploited by taking advantage of this delay in passcode enforcement.

Impact

Failing to require a passcode immediately after Face ID enrollment could lead to unauthorized access to features or data that are protected by the passcode.

Remediation

Users can update to iOS 26.2 or iPadOS 26.2 to address this vulnerability. These updates are available through the App Store for compatible devices.

Added: Jan 9, 2026, 10:21 PM

Updated: Jan 9, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.7

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple iOS and iPadOS Face ID Enrollment Passcode Requirement Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apple iPadOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating