CVE-2023-23541

Published: May 8, 2023Modified: Jan 29, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts.

Affected (4)

Products: Apple: Ipados, Iphone Os

Apple

2 products

Ipados

Iphone Os

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.7.4
Apple Ipados	From 16.0 to 16.4
Apple Iphone Os	Before 15.7.4
Apple Iphone Os	From 16.0 to 16.4

Related CWEs

CWE-922

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (4)

https://support.apple.com/en-us/HT213673

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213676

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213673

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213676

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.