Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.
Published: 2025-12-12
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Updates
AI Analysis

Impact

A logging issue within Apple operating systems allowed an application to access sensitive user data that should have been redacted. The vulnerability results in the potential disclosure of private information logged by the system, leading to information compromise. It is linked to CWE-200, which concerns unauthorized disclosure of information. This flaw does not grant code execution, privilege escalation, or denial of service; it is focused solely on privacy intrusion.

Affected Systems

The affected products are Apple iOS, iPadOS, macOS, visionOS, and watchOS. The flaw resides in the operating system logging components of these OS families and is fixed in the following releases: iOS 18.7.3 and 26.2, iPadOS 18.7.3 and 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. The exact versions susceptible are those listed above; newer releases include the patch.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, and the EPSS score of less than 1% suggests a very low probability of exploitation at the time of analysis. The vulnerability is not currently listed in the CISA KEV catalog, implying limited or no known exploitation. The likely attack vector inferred from the description is that an application with local execution privileges could read logs containing unredacted sensitive data. An attacker would need to run a malicious or compromised app on the device, interact with the logging subsystem, and obtain the undredacted entries. No additional conditions or prerequisites are documented, but the effect remains confined to data disclosure rather than system compromise.

Generated by OpenCVE AI on April 28, 2026 at 10:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates that contain the logging redaction fix: iOS 18.7.3 or 26.2, iPadOS 18.7.3 or 26.2, macOS Sonoma 14.8.3 or macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2.
  • Verify that the system settings for developer logging and diagnostic collection are disabled or minimized for apps that handle sensitive data.
  • Review the OS privacy settings and restrict any applications from accessing system logs or diagnostic data when unnecessary.

Generated by OpenCVE AI on April 28, 2026 at 10:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 10:45:00 +0000

Type Values Removed Values Added
Title Logging Redaction Issue Exposing Sensitive User Data

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data. A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data.

Tue, 10 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-532

Tue, 10 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sonoma 14.8.3. An app may be able to access sensitive user data. A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
References

Tue, 16 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Dec 2025 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-532

Mon, 15 Dec 2025 21:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos Macos Sonoma
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:13.189Z

Reserved: 2025-04-16T15:27:21.198Z

Link: CVE-2025-43538

cve-icon Vulnrichment

Updated: 2025-12-16T17:45:10.187Z

cve-icon NVD

Status : Modified

Published: 2025-12-12T21:15:57.490

Modified: 2026-04-02T19:21:01.657

Link: CVE-2025-43538

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T10:30:29Z

Weaknesses