Description
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user's contacts.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized contact data exposure
Action: Update
AI Analysis

Impact

A privacy flaw in macOS prevents proper redaction of personal data when log entries are generated. As a result, an application can inadvertently read contact information from system logs, exposing sensitive user data. The weakness is fundamentally an access control issue, aligning with CWE‑284, and could allow a malicious or poorly coded app to retrieve addresses, phone numbers, and other contact details from logs.

Affected Systems

All macOS Sequoia releases prior to 15.4 are impacted, as the vulnerability exists until the 15.4 update, which implements the redaction fix. The issue applies to macOS instances where applications have read access to system logs that contain contact data.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS figure of less than 1% suggests a low likelihood of exploitation. Based on the description, it is inferred that the attack vector involves a local application accessing system logs. Because the vulnerability appears to depend on an application reading system logs, the most probable attack vector is local or via a compromised app that runs with the user’s privileges. The vulnerability is not listed in the CISA KEV database, meaning no confirmed large‑scale exploits are known at this time.

Generated by OpenCVE AI on April 28, 2026 at 11:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply macOS Sequoia 15.4 or later to receive the log redaction fix.
  • Restrict the suspect application's access to contacts by revoking permissions in System Settings → Privacy → Contacts, or uninstall the app if it is not required.
  • Review system logs to ensure contact data is no longer exposed, and consider disabling logging of sensitive fields if possible.
  • Keep the OS up to date and monitor Apple advisories for related updates.

Generated by OpenCVE AI on April 28, 2026 at 11:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8973 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user's contacts.
History

Tue, 28 Apr 2026 12:00:00 +0000

Type Values Removed Values Added
Title Improper Sanitization of Contact Data in macOS Log Entries

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user's contacts.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:46.411Z

Reserved: 2025-01-17T00:00:45.003Z

Link: CVE-2025-24218

cve-icon Vulnrichment

Updated: 2025-11-03T21:09:05.111Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:19.793

Modified: 2025-11-03T21:19:35.780

Link: CVE-2025-24218

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:45:30Z

Weaknesses