How the CVE Works:
CVE-2025-30428 is an authentication bypass flaw in iOS and iPadOS affecting the Hidden Photos Album. The vulnerability stems from improper state management, allowing unauthorized access to photos marked as hidden without requiring authentication (e.g., Face ID, Touch ID, or passcode). Attackers could exploit this by manipulating the app’s state transitions or accessing cached data, bypassing Apple’s privacy controls. The issue is patched in iOS 18.4 and iPadOS 17.7.6.
DailyCVE Form:
Platform: iOS/iPadOS
Version: <18.4, <17.7.6
Vulnerability: Authentication bypass
Severity: Critical
Date: 04/07/2025
What Undercode Say:
Exploitation:
- State Manipulation: Use debugging tools (e.g., Frida) to alter the Photos app’s state flags.
- Cache Extraction: Access unprotected cached thumbnails via forensic tools like iMazing.
Protection:
- Patch: Update to iOS 18.4 or iPadOS 17.7.6.
- Mitigation: Disable Hidden Album temporarily.
Commands:
```bash
# Check iOS version
sw_vers -productVersion
# Verify patch via Apple's security updates:
curl -s https://support.apple.com/en-us/HT201222 | grep "iOS 18.4"
```
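For a fleet rather than a single device, the same version check can be run over an inventory export. The script below is an added example, not code from the original page or from Apple. The inventory rows are constructed, and the per-branch mapping (17.x fixed at 17.7.6 on iPadOS, 18.x fixed at 18.4, later majors treated as fixed) is an assumption built from the versions named above.

```python
# Added example: triage devices against the fixed releases named on this page.
# Assumption: fixes are tracked per major-version branch and per platform.
FIXED = {
    "iOS": {18: (18, 4, 0)},
    "iPadOS": {17: (17, 7, 6), 18: (18, 4, 0)},
}

def parse_version(text):
    """'17.7.6' -> (17, 7, 6); '18.4' -> (18, 4, 0). Raises ValueError if malformed."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) > 3:
        raise ValueError("too many version components: %r" % text)
    return parts + (0,) * (3 - len(parts))

def status(platform, version):
    """Classify one device as patched, vulnerable, or needing manual review."""
    branches = FIXED.get(platform)
    if branches is None:
        return "unknown-platform"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    if v[0] > max(branches):
        return "patched"  # assumption: later major releases carry the fix
    fixed = branches.get(v[0])
    if fixed is None:
        return "no-fix-on-branch"  # must move to a branch that has a fixed release
    return "patched" if v >= fixed else "vulnerable"

def triage(inventory):
    """Return {hostname: status} for every device that is not confirmed patched."""
    return {host: s for host, plat, ver in inventory
            if (s := status(plat, ver)) != "patched"}

# Constructed sample inventory (hostname, platform, reported OS version).
INVENTORY = [
    ("iphone-01", "iOS", "18.3.2"),
    ("iphone-02", "iOS", "18.4"),
    ("iphone-03", "iOS", "17.7.2"),
    ("ipad-01", "iPadOS", "17.7.5"),
    ("ipad-02", "iPadOS", "17.7.6"),
]

if __name__ == "__main__":
    for host, state in triage(INVENTORY).items():
        print(host, state)
```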
Forensic Detection:
```python
def check_hidden_album_access(logs):
    # logs: log text as a single string; True if the marker string appears in it
    return "HiddenAlbumAccessedWithoutAuth" in logs
```
Apple’s Patch Analysis:
The fix enforces re-authentication for state changes in the Photos app. Debug symbols indicate added `verifyAuthForHiddenAlbum()` checks.
References:
- Apple Advisory: HT201222
- CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30428
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-30428