This vulnerability involves a logging issue in Apple iOS and iPadOS that caused notifications marked for deletion to be retained unexpectedly on the device. Apple fixed the issue by improving data redaction in iOS 15.8.8, iPadOS 15.8.8, iOS 16.7.16, iPadOS 16.7.16, iOS 18.7.8, iPadOS 18.7.8, iOS 26.4.2, iPadOS 26.4.2, and iPadOS 17.7.11. The CVSS score of 6.2 reflects a medium severity with local attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact but no impact on integrity or availability. The vulnerability is categorized under CWE-359 (Exposure of Private Information Through Persistence). There is no vendor advisory or explicit patch link provided, but the description states the issue is fixed in the specified versions.

The primary impact is that notifications intended to be deleted may remain on the device, potentially exposing sensitive information. The confidentiality of data could be compromised due to this retention. There is no impact on data integrity or system availability. No known exploits are reported in the wild, indicating limited active threat at this time.

Apple has fixed this issue in iOS and iPadOS versions 15.8.8, 16.7.16, 18.7.8, 26.4.2, and 17.7.11 as stated in the description. Users and administrators should update affected devices to these versions or later to remediate the vulnerability. Patch status is confirmed by the vendor's description. No additional mitigation steps are indicated.