External risk intelligence

Microsoft 365 Copilot for iOS Improper Access Control Privilege Escalation

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-58617

The vulnerability affects a mobile application (Microsoft 365 Copilot for iOS). Mobile applications are client-side software typically used on end-user devices rather than acting as internet-facing services, gateways, or infrastructure. Consequently, they do not present a typical public-facing network attack surface in common deployments.

Microsoft 365 Copilot

before 2.111.4

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This critical vulnerability in Microsoft 365 Copilot for iOS could allow attackers to gain elevated privileges remotely, impacting the confidentiality, integrity, and availability of data through network access.

  • Unauthorized access can elevate privileges.
  • Affects mobile application; exposure is unlikely.
  • Confirm relevance and check for potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this by sending specially crafted network requests to a vulnerable Microsoft 365 Copilot for iOS application. This could allow them to gain elevated privileges within the application, potentially leading to unauthorized access to sensitive information or system control.

  • Network-based entry
  • Triggered by network requests
  • Unauthorized privilege escalation

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthorized attacker to gain elevated privileges over a network. Supported conditions for this attack depend on the specific configuration and usage of Microsoft 365 Copilot for iOS. The potential impact includes unauthorized access and modification of system data and service behavior.

  • Microsoft 365 Copilot for iOS data and services.
  • Through network access to the application.
  • Elevated privileges and unauthorized access.

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical vulnerability in Microsoft 365 Copilot for iOS requires immediate attention from teams responsible for mobile application management and security. The first step is to identify all iOS devices running the affected version of the application, assess their business criticality, and confirm the scope of potential exposure over the network. Subsequently, the accountable owner should be identified to plan and coordinate the remediation efforts.

  • Ownership: Mobile app management and security teams.
  • Verify: Scope of affected iOS devices and their reachability.
  • Action: Coordinate targeted application updates.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Microsoft 365 Copilot for iOS?

It is a mobile application designed for Apple iPhones that integrates artificial intelligence to assist users with productivity tasks, such as drafting documents, analyzing data, and managing communications within the Microsoft 365 ecosystem.

What does CWE-284 mean for CVE-2026-58617?

CWE-284 refers to Improper Access Control. In this specific vulnerability, it means the application fails to properly verify or restrict the permissions of a user or process, allowing an attacker to bypass security checks and perform actions they should not be authorized to do.

How is this vulnerability triggered?

An attacker triggers this bug by sending specially crafted network requests to the vulnerable application. It is important to note that normal, legitimate use of the Copilot interface by a user does not trigger this flaw; the attack requires a malicious, external network-based interaction.

Do I need to worry about this on my personal device?

According to Halo Surface Signal, this vulnerability affects a client-side mobile app rather than a public-facing server. Because it is installed on end-user devices, it typically does not present the same risks as internet-facing infrastructure. Evaluate your risk based on whether these devices connect to sensitive enterprise networks.

What is the first step to address this CVE?

Begin by identifying all iOS devices in your environment that have Microsoft 365 Copilot installed. Once identified, compare the installed version against the update threshold provided by Microsoft to determine which devices require an immediate application update through the App Store.

References