Apple DeviceLink Directory Path Parsing Vulnerability Allowing Access to Sensitive User Data

Vulnerability

A vulnerability exists in the DeviceLink component of multiple Apple operating systems, including iOS, iPadOS, macOS Sequoia, macOS Sonoma, and visionOS. This vulnerability arises from a parsing issue in the handling of directory paths, which may allow an application to access sensitive user data. The issue has been addressed with improved path validation.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data by applications.

Remediation

Users can update to iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, or visionOS 26.4 to address this vulnerability.
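
An inventory check against the fixed releases listed above, as an added example (not Apple's code or part of the original advisory). The CSV layout, the host names and the `classify` and `audit` helpers are assumptions made for illustration; a device on a release line this advisory does not list is reported as `unknown` rather than guessed.

```python
import csv
import io

# Fixed releases copied from the Remediation section, keyed by (platform, major).
FIXED = {
    ("iOS", 18): (18, 7, 7),
    ("iPadOS", 18): (18, 7, 7),
    ("macOS", 15): (15, 7, 5),   # Sequoia
    ("macOS", 14): (14, 8, 5),   # Sonoma
    ("visionOS", 26): (26, 4, 0),
}

# Constructed sample inventory (host,platform,version); not real devices.
SAMPLE_INVENTORY = """\
mac-build-01,macOS,15.7.4
mac-design-02,macOS,14.8.5
iphone-qa-03,iOS,18.7.10
ipad-kiosk-04,iPadOS,18.6
vision-lab-05,visionOS,26.4
mac-legacy-06,macOS,13.7.8
iphone-new-07,iOS,26.1
"""

def parse_version(text):
    """Turn '18.6' into (18, 6, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'needs-update' or 'unknown' for one device."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"          # unparseable version string
    fixed = FIXED.get((platform.strip(), v[0]))
    if fixed is None:
        return "unknown"          # release line not listed in the advisory
    return "patched" if v >= fixed else "needs-update"

def audit(inventory_csv):
    """Classify every well-formed row of a host,platform,version CSV."""
    rows = csv.reader(io.StringIO(inventory_csv))
    return {r[0]: classify(r[1], r[2]) for r in rows if len(r) == 3}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check against the vendor's notes for that release line.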

Added: Mar 25, 2026, 1:41 AM
Updated: Mar 25, 2026, 1:41 AM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.8
exploitability: 3.3
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.