CVE-2024-23205

Published: Mar 8, 2024Modified: Apr 2, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access sensitive user data.

Affected (3)

Products: Apple: Ipad Os, Iphone Os, Macos

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipad Os	Before 17.4
Apple Iphone Os	Before 17.4
Apple Macos	From 14.0 to 14.4

Related CWEs

CWE-922

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (7)

https://support.apple.com/en-us/120893

Source: product-security@apple.com

https://support.apple.com/en-us/120895

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Mar/21