Apple iOS and iPadOS Telephony Entitlement Check Vulnerability Allowing Access to Sensitive Data

Vulnerability

Patched

A vulnerability exists in the Telephony framework of Apple iOS and iPadOS, specifically in versions 18.7.3 and 26.2. This vulnerability allows apps to access user-sensitive data due to insufficient entitlement checks. The issue has been addressed in the same versions where it was found.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data, including payment tokens and Safari history.

Remediation

Users can update to iOS 26.2 or iPadOS 26.2. For those on iOS 18.7.3 or iPadOS 18.7.3, the update is also available.

Added: Dec 17, 2025, 9:24 PM

Updated: Dec 17, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

3.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple iOS and iPadOS Telephony Entitlement Check Vulnerability Allowing Access to Sensitive Data

Vulnerability

Impact

Remediation

Affected Products

Apple iOS

Apple iPadOS

CVSS Scores

References

Vulnerability Rating