Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive data exposure through unredacted application logs
Action: Update OS
AI Analysis

Impact

The vulnerability stems from a logging issue in which sensitive information is not redacted, so personal data is written to logs. An application that can read those logs may obtain confidential information. The weakness is categorized as CWE-532 (insertion of sensitive information into a log file).

Affected Systems

Apple iOS, iPadOS, macOS, and visionOS are impacted. The issue is fixed in iOS 18.7.7 and 26.3, iPadOS 18.7.7 and 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, and visionOS 26.3; devices running earlier releases should be treated as affected.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk, while an EPSS score below 1% suggests the exploitation likelihood is low. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to be local, as an application must read device logs to exploit the flaw. Without patching, an app could obtain sensitive personal data from these logs.

Generated by OpenCVE AI on March 25, 2026 at 21:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OS updates: iOS 18.7.7 or newer, iPadOS 18.7.7 or newer, macOS Sequoia 15.7.5 or newer, macOS Sonoma 14.8.5 or newer, macOS Tahoe 26.3 or newer, visionOS 26.3 or newer

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type | Values Removed | Values Added
Title | | Logging Issue Allowing Sensitive Data Exposure

Wed, 25 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple ipados; Apple iphone Os
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products | | Apple ipados; Apple iphone Os

Wed, 25 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-532
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple ios And Ipados; Apple macos; Apple visionos
Vendors & Products | | Apple; Apple ios And Ipados; Apple macos; Apple visionos

Wed, 25 Mar 2026 01:00:00 +0000

Type | Values Removed | Values Added
Description | | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:51.214Z

Reserved: 2025-11-11T14:43:07.866Z

Link: CVE-2026-20668

Vulnrichment

Updated: 2026-03-25T15:41:09.692Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:05.160

Modified: 2026-03-25T20:07:42.330

Link: CVE-2026-20668

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T21:48:07Z

Weaknesses