CVE-2024-23210: An app may be able to view a user's phone number in system logs in Apple iOS and iPadOS
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.
AI Analysis
Technical Summary
CVE-2024-23210 affects Apple's iOS and iPadOS, as well as macOS Sonoma, watchOS, and tvOS. The root cause is insufficient redaction of sensitive information in system logs, which may allow an application to read the user's phone number. System logs are meant to record system events and errors, but here they included personally identifiable information (PII) that should have been masked or removed. The weakness is classified as CWE-532, which covers exposure of sensitive information through logs.
Exploitation requires an app with local access to the device and some level of user interaction to trigger the logging event that exposes the phone number. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) reflects this: the attack vector is local, complexity is low, no privileges are required, and user interaction is necessary. The impact is limited to confidentiality, with no effect on integrity or availability.
Apple addressed the issue by improving redaction in system logs. The fix shipped in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. There are no known exploits in the wild. The affected versions are unspecified but are presumably all versions prior to these releases. This vulnerability highlights the importance of careful handling of sensitive data in system diagnostics and logging.
Potential Impact
For European organizations, the primary impact of CVE-2024-23210 is the potential exposure of users’ phone numbers to unauthorized applications on Apple devices. This can lead to privacy violations, targeted phishing attacks, or social engineering campaigns leveraging the leaked phone numbers. While the vulnerability does not allow modification of data or disruption of services, the confidentiality breach could undermine user trust and violate data protection regulations such as GDPR, which mandates strict controls over personal data. Organizations relying heavily on Apple devices for communication or mobile workforce management may face increased risk if devices are not updated promptly. The risk is particularly relevant for sectors handling sensitive customer or employee data, such as finance, healthcare, and government agencies. However, the requirement for local access and user interaction limits the scope of exploitation, reducing the likelihood of widespread automated attacks.
Mitigation Recommendations
European organizations should prioritize updating all Apple devices to the fixed releases or later: iOS 17.3, iPadOS 17.3, tvOS 17.3, watchOS 10.3, and macOS Sonoma 14.3. Device management solutions should enforce mandatory OS updates and restrict installation of untrusted applications to minimize the risk of local exploitation. Monitoring and auditing of app permissions and behaviors can help detect suspicious activities attempting to access system logs. Organizations should educate users about the risks of installing unverified apps and the importance of applying updates promptly. Additionally, reviewing internal policies on logging and data redaction for enterprise apps can prevent similar issues. For highly sensitive environments, consider restricting device usage policies or deploying mobile threat defense solutions that detect anomalous app behavior related to data leakage.
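Added example (not from Apple or the original page): a Python filter that applies the redaction idea from the technical summary to an enterprise app's own log lines, replacing each phone number with a keyed digest so events stay correlatable without exposing the number. It assumes numbers are logged in international "+" form; the sample lines, the key and the `ExampleApp` name are constructed.

```python
import hashlib
import hmac
import re

# Assumption: numbers are logged in international form, "+" then 8-15 digits
# (E.164), optionally grouped with single spaces, dots or dashes.
PHONE_RE = re.compile(r"(?<![\w+])\+\d(?:[ .-]?\d){7,14}(?!\d)")


def _token(match, key):
    """Replace a number with a keyed digest so events stay correlatable."""
    digits = re.sub(r"\D", "", match.group(0))  # normalise the formatting
    mac = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    return f"<phone:{mac[:12]}>"


def redact_line(line, key):
    """Return (redacted_line, number_of_phone_numbers_replaced)."""
    return PHONE_RE.subn(lambda m: _token(m, key), line)


def audit(lines, key):
    """Return [(line_number, redacted_line)] for every line that held a number."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        redacted, hits = redact_line(line, key)
        if hits:
            findings.append((lineno, redacted))
    return findings


# Constructed sample log lines (not taken from any real device).
SAMPLE_LOG = [
    "2024-01-22 10:15:02+0100 ExampleApp[412]: registering line +49 170 1234567",
    "2024-01-22 10:15:03+0100 ExampleApp[412]: request id 20240122101503 queued",
    "2024-01-22 10:15:04+0100 ExampleApp[412]: callback for +491701234567 done",
]

if __name__ == "__main__":
    for lineno, text in audit(SAMPLE_LOG, key=b"constructed-demo-key"):
        print(lineno, text)
```

The timezone offset and the numeric request id are left alone, and both spellings of the same number map to the same token because the digits are normalised before hashing.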
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Norway, Denmark, Finland, Ireland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: apple
- Date Reserved: 2024-01-12T22:22:21.476Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68406659182aa0cae2b37ac3
Added to database: 6/4/2025, 3:29:29 PM
Last enriched: 11/5/2025, 12:02:42 AM
Last updated: 11/30/2025, 3:41:21 PM