Impact
A logging issue within Apple operating systems resulted in insufficient redaction, allowing a malicious or compromised application to access sensitive user data that should have been hidden from logs. The vulnerability is classified as an Information Disclosure flaw (CWE-200). No code execution, privilege escalation, or denial of service capabilities are provided by this defect; the impact is limited to the disclosure of private information stored in system logs.
Affected Systems
The affected products are Apple iOS, iPadOS, macOS, visionOS, and watchOS. The flaw resides in the operating system logging components of these OS families and is fixed in the following releases: iOS 18.7.3 and 26.2, iPadOS 18.7.3 and 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. The exact versions susceptible are those listed above; newer releases include the patch.
Risk and Exploitability
The CVSS score of 3.3 indicates low severity, and the EPSS score of 3% indicates a low probability of exploitation at the time of analysis. The vulnerability is not currently listed in the CISA KEV catalog, implying limited or no known exploitation. The likely attack vector inferred from the description is that an application with local execution privileges could read logs containing unredacted sensitive data. An attacker would need to run a malicious or compromised app on the device, interact with the logging subsystem, and obtain the unredacted entries. No additional conditions or prerequisites are documented, but the effect remains confined to data disclosure rather than system compromise.
OpenCVE Enrichment