CVE-2023-32399

Vulnerability

A vulnerability exists in the cache handling of Apple operating systems, including iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. The issue allows an app to read sensitive location information due to improper redaction of private data in log entries [1][2][4]. The advisory describes a privacy issue addressed with improved private data redaction for log entries [2].

Exploitation

Exploitation requires an app running on an affected device. The app can bypass Privacy preferences and access sensitive location data due to the cache handling flaw. No additional privileges or user interaction beyond normal app installation are required for the vulnerable code path to be reachable.

Impact

An attacker successfully exploiting this vulnerability could read sensitive location information, leading to a breach of user privacy. The impact is limited to information disclosure of location data, without evidence of escalation to other system controls.

Mitigation

Apple has released patched versions: iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4, all dated May 18, 2023 [1][2][3][4]. Users should update their devices to the latest operating system versions. No workarounds are documented.