CVE-2024-40791

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-40791

CWE

https://cwe.mitre.org/data/definitions/532.html

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a users contacts.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	17.7 (excluding)
Iphone_os	Apple	*	17.7 (excluding)
Macos	Apple	*	13.7 (excluding)
Macos	Apple	14.0 (including)	14.7 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121250

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References