iOS UI Spoofing Vulnerability

MEDIUM (4.3) No Patch (42 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 9%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The iOS 18.7.2 and iPadOS 18.7.2 update addresses an inconsistent user interface issue with improved state management. Visiting a malicious website may let an attacker spoof the user interface, potentially leading to unauthorized access or data theft.

Am I affected?

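The fix ships in iOS 18.7.2 and iPadOS 18.7.2, so check whether the device is running an earlier version. On the device, the installed version is shown under Settings > General > About. For a device connected to a Mac with Xcode installed, check with: xcrun xctrace list devices (Note: the OS version is printed in parentheses after each device name.)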

Affected Products

Apple Inc. / iOS

How to fix

  1. Update to iOS 18.7.2 or later from Apple's official website: https://support.apple.com/en-us/125633
  2. Immediate mitigations:
     - Avoid visiting suspicious websites.
     - Regularly review and update installed apps.
