CVE-2024-44205

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	16.7.9 (excluding)
Ipados	Apple	17.0 (including)	17.6 (excluding)
Iphone_os	Apple	*	16.7.9 (excluding)
Iphone_os	Apple	17.0 (including)	17.6 (excluding)
Macos	Apple	*	12.7.6 (excluding)
Macos	Apple	13.0 (including)	13.6.8 (excluding)
Macos	Apple	14.0 (including)	14.6 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://support.apple.com/en-us/120908
https://support.apple.com/en-us/120909
https://support.apple.com/en-us/120910
https://support.apple.com/en-us/120911
https://support.apple.com/en-us/120912

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-44205
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References