CVE-2023-23505

LOW

Apple Ipados < 15.7.3 - Log Information Exposure

Title source: rule
STIX 2.1

Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.

References (6)

Core 6
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213598
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213599
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213603
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213604
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213605
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213606

Scores

CVSS v3 3.3
EPSS 0.0010
EPSS Percentile 28.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (4)
apple/ipados < 15.7.3
apple/iphone_os < 15.7.3
apple/macos 11.0 - 11.7.3
apple/watchos < 9.3
Published Feb 27, 2023
Tracked Since Feb 18, 2026