iOS and iPadOS Devices with Stolen Device Protection: Passcode Bypass Risk

CVE-2026-28895
Summary

If an attacker has physical access to your iPhone or iPad and Stolen Device Protection is turned on, they may be able to use the device passcode to open Protected Apps that are meant to require biometric authentication. This is a concern for devices that use facial recognition or fingerprint scanning. Update to iOS 26.4 or iPadOS 26.4 to fix this issue.

Original title
The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to...
Original description
The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.
Published: 25 Mar 2026 · Updated: 25 Mar 2026 · First seen: 25 Mar 2026