CVE-2023-42823 is a vulnerability identified in Apple’s iOS and iPadOS platforms, where an application may gain unauthorized access to user-sensitive data. The root cause stems from insufficient sanitization of logging mechanisms, which could inadvertently expose sensitive information to apps with elevated privileges. Apple resolved this issue by improving the sanitization of logs to prevent leakage of sensitive data. The vulnerability affects multiple Apple operating systems, including iOS versions 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, macOS Sonoma 14.1, Ventura 13.6.1, Monterey 12.7.1, watchOS 10.1, and tvOS 17.1. The CVSS v3.1 base score is 2.7, indicating low severity, with an attack vector of network (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and impacting confidentiality only (C:L). The vulnerability does not affect integrity or availability. No known exploits have been reported in the wild. The CWE classification is CWE-922, which relates to improper restriction of operations within the bounds of a memory buffer or data structure, here specifically related to logging data. This vulnerability could allow a malicious app with elevated privileges to extract sensitive user data from logs if the device is unpatched.

For European organizations, the primary impact is the potential unauthorized disclosure of sensitive user data on Apple mobile devices. This could include corporate data, personal information, or credentials stored or processed on iOS and iPadOS devices. Although the vulnerability requires an app with high privileges, if exploited, it could lead to privacy breaches and data leakage, undermining compliance with GDPR and other data protection regulations. The impact on operational integrity and availability is minimal, but confidentiality compromise could damage organizational reputation and trust. Organizations with a large fleet of Apple devices, especially those used by executives or handling sensitive information, are at higher risk. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation. Attackers targeting European entities may attempt to leverage this vulnerability to gain intelligence or access sensitive data.

European organizations should prioritize deploying the Apple security updates that address CVE-2023-42823 across all affected devices, including iOS, iPadOS, macOS, watchOS, and tvOS. Enforce strict app privilege management by limiting installation of apps requiring high privileges and conducting thorough app vetting. Implement Mobile Device Management (MDM) solutions to automate patch deployment and monitor device compliance. Educate users and administrators about the importance of timely updates and the risks of installing untrusted applications. Additionally, review logging configurations and audit logs for any unusual access patterns. Employ endpoint security solutions capable of detecting anomalous app behavior. Finally, maintain an inventory of Apple devices and ensure that legacy or unsupported devices are either upgraded or isolated to reduce exposure.