CVE-2023-23505

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	15.7.3 (excluding)
Ipados	Apple	16.0 (including)	16.3 (excluding)
Iphone_os	Apple	*	15.7.3 (excluding)
Iphone_os	Apple	16.0 (including)	16.3 (excluding)
Macos	Apple	11.0 (including)	11.7.3 (excluding)
Macos	Apple	12.0.0 (including)	12.6.3 (excluding)
Macos	Apple	13.0 (including)	13.2 (excluding)
Watchos	Apple	*	9.3 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://support.apple.com/en-us/HT213598
https://support.apple.com/en-us/HT213599
https://support.apple.com/en-us/HT213603
https://support.apple.com/en-us/HT213604
https://support.apple.com/en-us/HT213605
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213598
https://support.apple.com/en-us/HT213599
https://support.apple.com/en-us/HT213603
https://support.apple.com/en-us/HT213604
https://support.apple.com/en-us/HT213605
https://support.apple.com/en-us/HT213606

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-23505
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References