CVE-2024-23205: An app may be able to access sensitive user data in Apple iOS and iPadOS
CVE-2024-23205 is a privacy vulnerability in Apple iOS, iPadOS, and macOS Sonoma that allowed an app to access sensitive user data due to insufficient redaction of private data in log entries. This issue was addressed by Apple with improved private data redaction in log entries. The vulnerability affects devices running versions prior to iOS 17.4, iPadOS 17.4, and macOS Sonoma 14.4. Apple released official patches in these versions to mitigate the issue. The CVSS score is 5.5 (medium severity), reflecting a local attack vector with low complexity and no user interaction required, resulting in high confidentiality impact but no integrity or availability impact. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
CVE-2024-23205 is a privacy issue in Apple’s iOS, iPadOS, and macOS Sonoma operating systems where an application could access sensitive user data due to inadequate redaction of private data in system log entries. Apple fixed this vulnerability by improving the redaction mechanisms in log entries to prevent unauthorized data exposure. The vulnerability is tracked with a CVSS 3.1 base score of 5.5, indicating a medium severity issue exploitable with local privileges and no user interaction. The fix is included in iOS 17.4, iPadOS 17.4, and macOS Sonoma 14.4 releases.
Potential Impact
An app running on affected Apple devices prior to the patched versions may be able to read sensitive user data from log entries that were not properly redacted. This could lead to unauthorized disclosure of private information. The vulnerability does not impact system integrity or availability. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Apple has released official patches addressing this vulnerability in iOS 17.4, iPadOS 17.4, and macOS Sonoma 14.4. Users and administrators should update affected devices to these versions or later to remediate the issue. No additional mitigation actions are required beyond applying the official updates.
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2024-01-12T22:22:21.476Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690a474d6d939959c8022411
Added to database: 11/4/2025, 6:34:53 PM
Last enriched: 4/9/2026, 10:57:01 PM
Last updated: 5/9/2026, 8:54:03 AM