Sensitive Information Exposure in Apple Products
CVE-2024-23210

3.3LOW

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Watch OS; Mac OS
Vendor: CVE Published:; 23 January 2024

What is CVE-2024-23210?

This vulnerability allows apps to potentially access sensitive user information, such as phone numbers, from system logs due to inadequate redaction. This can lead to privacy concerns where unauthorized applications gain insight into personal data. Apple has addressed this issue in the latest updates for all its operating systems including iOS, macOS, watchOS, tvOS, and iPadOS, highlighting the importance of regular updates to safeguard user privacy.

Affected Version(s)

iOS and iPadOS < 17.3

macOS < 14.3

tvOS < 17.3

References

https://support.apple.com/en-us/HT214059

https://support.apple.com/en-us/HT214055

https://support.apple.com/en-us/HT214060

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Jan 12, 2024