[~]mobilehackerforhire$ hire --now
    cd ../exploit-db
    root@mhfh:~#cat /var/db/exploits/CVE-2026-20640.json
    exploits/CVE-2026-20640.md
    CVE-2026-20640iOSInfoLeakHigh

    iPhone Mirroring UI state disclosure

    affected
    < 26.3
    disclosed
    2026-02-13
    discovered
    2025-11-05
    patched
    iOS 26.3
    author
    mhfh research
    platform
    iOS

    ## description

    A vulnerability in iPhone Mirroring allows a malicious Mac application to observe UI state and take screenshots of the mirrored device without user consent.

    ## impact

    Privacy violation. Exposure of sensitive data displayed on the mirrored screen.

    ## mitigation

    Update to iOS 26.3 / macOS 26.3. Revoke Mirroring permissions for untrusted devices.

    ## proof of concept

    // Access private mirroring buffer
let mirror = MirroringSession.active()
let frame = mirror.captureFrame() // unauthorized access

    ## downloads

    mirroring-leak.swift
    Disclosure PoC (Swift)
    5 KB

    ## references