EUVD-2025-208977CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.
AnalysisAI
A path handling vulnerability in iOS and iPadOS allows users with physical access to an iOS device to bypass Activation Lock through improved validation gaps in path handling logic. This authentication bypass affects iOS versions prior to 18.7.7 and 26.2, as well as corresponding iPadOS releases. While no CVSS score or EPSS data is publicly available, the physical access requirement and authentication bypass nature indicate a meaningful risk to device security and stolen device protection.
Technical ContextAI
The vulnerability stems from inadequate path validation in iOS and iPadOS's Activation Lock mechanism, which is the authentication framework preventing unauthorized access to Apple devices after factory reset. The affected technology involves the device's path handling routines (likely within the boot or authentication subsystem) that fail to properly validate or sanitize file paths during the lock verification process. Per CPE designation (cpe:2.3:a:apple:ios_and_ipados), this affects the core iOS and iPadOS operating system rather than a discrete application component. While no explicit CWE is assigned, this aligns with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) or CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating insufficient path canonicalization or validation logic.
RemediationAI
Immediately update iOS or iPadOS to version 18.7.7 or 26.2 or later via Settings > General > Software Update. For organizations managing iOS devices, deploy mandatory mobile device management (MDM) policies enforcing automatic security updates and restrict physical device access to authorized personnel only. Until patching is complete, enable additional security measures such as longer alphanumeric Activation Lock credentials, two-factor authentication on associated Apple ID accounts, and physical device monitoring to prevent unauthorized possession. Users should also enable Find My iPhone and ensure their Apple ID password is unique and secure to prevent credential-based Activation Lock bypass attempts that may accompany this vulnerability. Refer to Apple's official security advisories at https://support.apple.com/en-us/125884 and https://support.apple.com/en-us/126793 for detailed update instructions.
More from same product – last 7 days
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Dock
Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape
Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root
Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain r
Share
External POC / Exploit Code
Leaving vuln.today