Abhay_Kailasia

A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted content from the lock screen.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.4 iPadOS versions prior to 18.4 **Description** An issue allows an attacker to potentially use Siri to enable Auto-Answer Calls. This could be exploited on a locked device. The estimated number of potentially affected devices is not specified. **Recommendations** For iOS versions prior to 18.4, update to iOS 18.4 to resolve the issue. For iPadOS versions prior to 18.4, update to iPadOS 18.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.3 iPadOS versions prior to 18.3 **Description** An authentication issue was addressed with improved state management. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked. The issue is related to the Accessibility component and its authorization mechanism, which may allow an attacker to gain unauthorized access to protected information. **Recommendations** For iOS versions prior to 18.3, update to iOS 18.3 to resolve the issue. For iPadOS versions prior to 18.3, update to iPadOS 18.3 to resolve the issue. As a temporary workaround, consider restricting physical access to devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17.5 iPadOS versions prior to 17.5 **Description** This issue was addressed through improved state management. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. **Recommendations** For iOS versions prior to 17.5, update to iOS 17.5 to resolve the issue. For iPadOS versions prior to 17.5, update to iPadOS 17.5 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: iPadOS versions prior to 17.7.3 iOS versions prior to 18.2 iPadOS versions prior to 18.2 Description: The issue allows an attacker with physical access to an iOS device to view notification content from the lock screen. This is possible due to insufficient logic in handling lock screen notifications. The estimated number of potentially affected devices worldwide is not specified. Recommendations: For iPadOS versions prior to 17.7.3, update to iPadOS 17.7.3 or later. For iOS versions prior to 18.2, update to iOS 18.2 or later. For iPadOS versions prior to 18.2, update to iPadOS 18.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 watchOS versions prior to 11.2 visionOS versions prior to 2.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** The issue is related to the Password Autofill component in the mentioned operating systems and is caused by a lack of authorization. This may allow an attacker to read and write arbitrary files. The problem may cause the password autofill function to fill in passwords even after authentication has failed. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2. For watchOS versions prior to 11.2, update to watchOS 11.2. For visionOS versions prior to 2.2, update to visionOS 2.2. For iOS versions prior to 18.2, update to iOS 18.2. For iPadOS versions prior to 18.2, update to iPadOS 18.2.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.1 iPadOS versions prior to 18.1 **Description** The issue allows an attacker with physical access to potentially access contact photos from the lock screen. This is possible due to insufficient restrictions on options offered on a locked device. **Recommendations** For iOS versions prior to 18.1, update to iOS 18.1 or later to resolve the issue. For iPadOS versions prior to 18.1, update to iPadOS 18.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.1 iPadOS versions prior to 18.1 **Description** The issue allows an attacker to view restricted content from the lock screen due to inadequate state management. This has been addressed through improved state management. **Recommendations** For iOS versions prior to 18.1, update to iOS 18.1 to resolve the issue. For iPadOS versions prior to 18.1, update to iPadOS 18.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18 iPadOS versions prior to 18 **Description** This issue allows an attacker to see recent photos without authentication in Assistive Access. The issue was addressed by restricting options offered on a locked device. **Recommendations** For iOS versions prior to 18, update to iOS 18 to resolve the issue. For iPadOS versions prior to 18, update to iPadOS 18 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18 iPadOS versions prior to 18 **Description** This issue was addressed through improved state management. An attacker with physical access may be able to use Siri to access sensitive user data. **Recommendations** For iOS versions prior to 18, update to iOS 18 to resolve the issue. For iPadOS versions prior to 18, update to iPadOS 18 to resolve the issue. As a temporary workaround, consider restricting access to Siri until a patch is available.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 10.6 iOS versions prior to 17.6 iOS versions prior to 16.7.9 iPadOS versions prior to 17.6 iPadOS versions prior to 16.7.9 macOS Ventura versions prior to 13.6.8 **Description** The issue was addressed with improved checks. An attacker may be able to view restricted content from the lock screen. **Recommendations** For watchOS versions prior to 10.6, update to watchOS 10.6. For iOS versions prior to 17.6, update to iOS 17.6. For iOS versions prior to 16.7.9, update to iOS 16.7.9. For iPadOS versions prior to 17.6, update to iPadOS 17.6. For iPadOS versions prior to 16.7.9, update to iPadOS 16.7.9. For macOS Ventura versions prior to 13.6.8, update to macOS Ventura 13.6.8.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17.5 iPadOS versions prior to 17.5 **Description** A privacy issue was addressed by moving sensitive data to a more secure location. A malicious application may be able to determine a user's current location. **Recommendations** For iOS versions prior to 17.5, update to iOS 17.5 to resolve the issue. For iPadOS versions prior to 17.5, update to iPadOS 17.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17.1 iPadOS versions prior to 17.1 **Description** A logic issue was addressed with improved checks. This issue may cause a user's private browsing activity to be unexpectedly saved in the App Privacy Report. **Recommendations** For iOS versions prior to 17.1, update to iOS 17.1 to resolve the issue. For iPadOS versions prior to 17.1, update to iPadOS 17.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17 iPadOS versions prior to 17 **Description** This issue allows a person with physical access to a device to potentially access private calendar information using VoiceOver. The issue was addressed with improved redaction of sensitive information. **Recommendations** For iOS versions prior to 17, update to iOS 17 to resolve the issue. For iPadOS versions prior to 17, update to iPadOS 17 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17 iPadOS versions prior to 17 **Description** The issue allows an app to potentially access sensitive user data due to improper handling of caches. This has been addressed with improved cache handling. **Recommendations** For iOS versions prior to 17, update to iOS 17 to resolve the issue. For iPadOS versions prior to 17, update to iPadOS 17 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.4 iPadOS versions prior to 16.4 **Description** A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen. This issue was addressed by restricting options offered on a locked device. **Recommendations** For iOS versions prior to 16.4, update to iOS 16.4 to resolve the issue. For iPadOS versions prior to 16.4, update to iPadOS 16.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.5 iPadOS versions prior to 15.5 **Description** The issue was addressed with improved checks. Processing a large input may lead to a denial of service. **Recommendations** For iOS versions prior to 15.5, update to iOS 15.5 to resolve the issue. For iPadOS versions prior to 15.5, update to iPadOS 15.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.1 iPadOS versions prior to 15.1 **Description** A lock screen issue allowed unauthorized access to contacts on a locked device. This was possible due to inadequate state management. A local attacker could potentially view contacts from the lock screen. **Recommendations** For iOS versions prior to 15.1, update to iOS 15.1 or later to resolve the issue. For iPadOS versions prior to 15.1, update to iPadOS 15.1 or later to resolve the issue.