PT-2026-7771 · Apple · Ios+1
Nils Hanff
+1
·
Published
2026-02-11
·
Updated
2026-02-12
·
CVE-2026-20638
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 26.3
iPadOS versions prior to 26.3
Description
A logic issue existed where a user with Live Caller ID app extensions disabled could have identifying information leaked to those extensions. The issue was resolved through improved checks.
Recommendations
Update to iOS version 26.3 or later.
Update to iPadOS version 26.3 or later.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ios
Ipados