Permissions Issue in Apple Products Affects Sensitive Payment Data
CVE-2025-46288

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Visionos; Mac OS; Watch OS
Vendor: CVE Published:; 17 December 2025

What is CVE-2025-46288?

A permissions vulnerability affects several Apple operating systems, enabling apps to potentially access sensitive payment tokens without proper authorization. This flaw has been addressed in updates to visionOS, iOS, iPadOS, watchOS, and macOS, highlighting the importance of keeping software up to date to safeguard personal and financial information.

Affected Version(s)

iOS and iPadOS < 26.2

macOS < 26.2

visionOS < 26.2

References

https://support.apple.com/en-us/125884

https://support.apple.com/en-us/125891

https://support.apple.com/en-us/125886

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Apr 22, 2025

JSON