CVE-2024-44239

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	17.7.1 (excluding)
Ipados	Apple	18.0 (including)	18.0 (including)
Iphone_os	Apple	*	17.7.1 (excluding)
Iphone_os	Apple	18.0 (including)	18.0 (including)
Macos	Apple	*	13.7.1 (excluding)
Macos	Apple	14.0 (including)	14.7.1 (excluding)
Tvos	Apple	*	18.1 (excluding)
Visionos	Apple	*	2.1 (excluding)
Watchos	Apple	*	11.1 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121565
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121567
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121569
https://support.apple.com/en-us/121570
http://seclists.org/fulldisclosure/2024/Oct/10
http://seclists.org/fulldisclosure/2024/Oct/11
http://seclists.org/fulldisclosure/2024/Oct/12
http://seclists.org/fulldisclosure/2024/Oct/13
http://seclists.org/fulldisclosure/2024/Oct/15
http://seclists.org/fulldisclosure/2024/Oct/16

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-44239
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References