Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure (Sensitive Data Leakage)
Action: Patch
AI Analysis

Impact

Apple operating systems suffered from a logging flaw that caused sensitive user data to be recorded in system logs without adequate redaction. The flaw can allow an application with sufficient privileges to read such logs and retrieve private information, leading to confidentiality loss for the affected user. The weakness is categorized as Missing Access Control, which can be exploited when the application controls or reads logging data.

Affected Systems

Affected products include Appleā€™s iOS and iPadOS platforms and macOS. The issue has been corrected in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4, so any installations of earlier releases are vulnerable.

Risk and Exploitability

The CVSS score of 5.5 classifies this as moderate. EPSS indicates a very low likelihood of exploitation, but the vulnerability is still actionable because the information it exposes can be valuable. The flaw is not currently listed in the CISA KEV catalog. Attackers would need to install a malicious or compromised application that can read system logs, or gain elevated privileges, to exploit this issue. No publicly disclosed exploits are known at this time.

Generated by OpenCVE AI on April 28, 2026 at 02:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest iOS 18.4, iPadOS 18.4, or macOS Sequoia 15.4 to receive the logging redaction fix.
  • Check local and system logs for the presence of unredacted sensitive data and remove or redact any that is found.
  • Apply any additional Apple support advisories related to logging and privacy settings if available.

Generated by OpenCVE AI on April 28, 2026 at 02:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8992 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
History

Tue, 28 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Title Sensitive Data Exposure via Improper Logging in Apple Operating Systems

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos

Tue, 01 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Ipados Iphone Os Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:05.848Z

Reserved: 2025-01-17T00:00:44.999Z

Link: CVE-2025-24202

cve-icon Vulnrichment

Updated: 2025-04-01T16:02:01.355Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:18.293

Modified: 2025-11-03T21:19:33.480

Link: CVE-2025-24202

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T02:45:11Z

Weaknesses