Main Vulnerability Database Vulnerabilities #VU124415

#VU124415 Protection mechanism failure in Apple iOS and iPadOS - CVE-2026-28895

Published: March 25, 2026

Vulnerability identifier: #VU124415

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-28895

CWE-ID: CWE-693

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to insufficient implementation of security measures in App Protection. An attacker with physical access to device with Stolen Device Protection enabled can access biometrics-gated Protected Apps with the passcode.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/126792

#VU124415 Protection mechanism failure in Apple iOS and iPadOS - CVE-2026-28895

Description

Remediation

External links

Please verify you're human