A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/125884 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/125886 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/125891 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Dec 2025, 20:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://support.apple.com/en-us/125884 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/125886 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/125891 - Release Notes, Vendor Advisory | |
| First Time |
Apple iphone Os
Apple visionos Apple ipados Apple Apple macos |
|
| CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
18 Dec 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-306 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
17 Dec 2025, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-17 21:16
Updated : 2025-12-18 20:46
NVD link : CVE-2025-43428
Mitre link : CVE-2025-43428
CVE.ORG link : CVE-2025-43428
JSON object : View
Products Affected
apple
- iphone_os
- ipados
- visionos
- macos
CWE
CWE-306
Missing Authentication for Critical Function