VYPR
Unrated severity · NVD Advisory · Published Jun 23, 2023 · Updated Dec 5, 2024

CVE-2023-32411

Description

In macOS, iOS, iPadOS, and tvOS, an app may bypass Privacy preferences due to insufficient private data redaction in log entries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2023-32411 is a privacy vulnerability affecting Apple operating systems, specifically tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5, and iPadOS 16.5 [1][2][3][4]. The issue exists in the handling of log entries, where private data is not adequately redacted, allowing an app to bypass Privacy preferences [1][2][4]. The tvOS advisory differs slightly, noting that the issue is addressed with improved checks related to entitlements [3].

Exploitation

An attacker would need to have an app installed on the affected device. No further authentication or network position is required beyond the app’s existing sandbox. By crafting the app to access or trigger certain log entries, the app could read private data that should have been redacted, thereby bypassing the privacy protections set by the user [1][2][4].

Impact

A malicious app can gain access to private user data that is normally protected by Privacy preferences, leading to unauthorized disclosure of information. This compromises the confidentiality of user data, potentially exposing sensitive information such as contacts, location, or other personal details depending on the log content. The attack does not appear to escalate privileges beyond the app’s sandbox but defeats the user’s privacy controls [1][2][4].

Mitigation

Apple released fixes on May 18, 2023, in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5, and iPadOS 16.5 [1][2][3][4]. Users should update their devices to these or later versions. No workaround is provided by Apple; applying the updates is the only mitigation. There is no indication this CVE is listed in CISA’s Known Exploited Vulnerabilities catalog as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

5
