Private Browsing Activity May Be Unexpectedly Saved in App Privacy Report
CVE-2023-42939

3.3LOW

Key Information:

Vendor: Apple
Status: iOS and iPadOS
Vendor: CVE Published:; 21 February 2024

What is CVE-2023-42939?

A logic flaw has been identified in Apple's iOS and iPadOS, which allows a user's private browsing sessions to be inadvertently recorded within the App Privacy Report. This functionality could potentially compromise user privacy as sensitive browsing activities may not remain confidential. The issue has been addressed in the latest available updates, specifically iOS 17.1 and iPadOS 17.1, emphasizing the importance for users to update their devices to avoid potential privacy risks.

Affected Version(s)

iOS and iPadOS < 17.1

References

https://support.apple.com/en-us/HT213982

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Sep 14, 2023