Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
Published: 2025-11-04
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Log Redaction Bypass
Action: Apply Update
AI Analysis

Impact

A logging flaw in Apple operating systems can allow an attacker with physical access to an unlocked device that is paired with a Mac to read system logs that contain sensitive user information. The vulnerability results from a failure to properly redact personal data in log output and is classified as CWE-532. The impact is the disclosure of confidential data stored in the device’s logs, potentially including passwords, personal identifiers, or other sensitive information.

Affected Systems

The flaw affects Apple devices running iOS, iPadOS, macOS, and visionOS. Per the description, the issue is fixed in iOS 18.7.2 and 26.1, iPadOS 18.7.2 and 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, and visionOS 26.1; these are the fixed releases, not the vulnerable ones. Devices on these platforms remain susceptible until the corresponding security update is installed.

Risk and Exploitability

The CVSS base score of 2 indicates low severity, and the EPSS score of less than 1% indicates a very low probability of exploitation. The attack requires physical access to an unlocked device that is paired with a Mac, which limits the threat to scenarios where an attacker has the device in hand. The vulnerability does not provide a remote or privileged exploit path; it only allows local logs to be read. Its absence from the CISA KEV catalog further suggests it is not widely leveraged by adversaries.

Generated by OpenCVE AI on April 22, 2026 at 21:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest software update for the affected Apple platform—iOS 18.7.2/26.1, iPadOS 18.7.2/26.1, macOS Sequoia 15.7.2/Tahoe 26.1, and visionOS 26.1—to apply the logging redaction fix.
  • Keep devices locked when not in use so that an attacker with physical access does not find them unlocked.
  • Verify that any paired Mac is secured and that the device is paired only with trusted Macs, reducing the opportunity for log access.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Title Logging Redaction Bypass on Unlocked Devices with Physical Access

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
Values Added: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
Values Added: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
References

Mon, 01 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-532

Wed, 05 Nov 2025 19:30:00 +0000


Wed, 05 Nov 2025 18:45:00 +0000

Type: Description
Values Removed: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
Values Added: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
References

Wed, 05 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Apple macos
Apple visionos
Vendors & Products Apple
Apple ios
Apple ipad Os
Apple macos
Apple visionos

Tue, 04 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 2, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:09.459Z

Reserved: 2025-04-16T15:24:37.124Z

Link: CVE-2025-43423

Vulnrichment

Updated: 2025-11-04T15:40:10.299Z

NVD

Status: Modified

Published: 2025-11-04T02:15:48.180

Modified: 2026-04-02T19:20:44.100

Link: CVE-2025-43423

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T21:45:06Z

Weaknesses