CVE-2024-23210

Published: Jan 23, 2024Modified: Apr 2, 2026

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to view a user's phone number in system logs.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Watchos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.3
Apple Iphone Os	Before 17.3
Apple Macos	From 14.0 to 14.3
Apple Tvos	Before 17.3
Apple Watchos	Before 10.3

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (14)

https://support.apple.com/en-us/120304

Source: product-security@apple.com

https://support.apple.com/en-us/120306

Source: product-security@apple.com

https://support.apple.com/en-us/120309

Source: product-security@apple.com

https://support.apple.com/en-us/120311

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Jan/33