CVE-2023-32392

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	16.5 (excluding)
Iphone_os	Apple	*	16.5 (excluding)
Macos	Apple	11.0 (including)	11.7.7 (excluding)
Macos	Apple	12.0.0 (including)	12.6.6 (excluding)
Macos	Apple	13.0 (including)	13.4 (excluding)
Tvos	Apple	*	16.5 (excluding)
Watchos	Apple	*	9.5 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://support.apple.com/en-us/HT213757
https://support.apple.com/en-us/HT213758
https://support.apple.com/en-us/HT213759
https://support.apple.com/en-us/HT213760
https://support.apple.com/en-us/HT213761
https://support.apple.com/en-us/HT213764
https://support.apple.com/en-us/HT213757
https://support.apple.com/en-us/HT213758
https://support.apple.com/en-us/HT213759
https://support.apple.com/en-us/HT213760
https://support.apple.com/en-us/HT213761
https://support.apple.com/en-us/HT213764

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-32392
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References