CVE-2023-42946
Description
An app may leak sensitive user information due to insufficient redaction in certain Apple OS versions, fixed in October 2023 updates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability (CVE-2023-42946) exists in tvOS before 17.1, watchOS before 10.1, macOS Sonoma before 14.1, iOS before 17.1, and iPadOS before 17.1. An app may be able to leak sensitive user information due to insufficient redaction of sensitive data in system logging or similar mechanisms. The issue was addressed with improved redaction of sensitive information [1][2][3][4].
Exploitation
An attacker would need to have an app installed on the affected device. The app could potentially access sensitive user data that was not properly redacted. Beyond installing the app, no additional privileges or user interaction may be required. The exact attack vector is not disclosed, but it could involve the app reading logs or other system data containing sensitive information.
Impact
A malicious app may be able to access and leak sensitive user information, potentially including personal data, credentials, or other confidential details. The impact is information disclosure, compromising user privacy.
Mitigation
Apple released fixes in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1 on October 25, 2023 [1][2][3][4]. Users should update their devices to the latest versions. No workarounds are documented; updates are the recommended mitigation.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (7)
- Range: =17.1
- Range: =14.1
- Range: =17.1
- Range: unspecified
- Range: unspecified
- Range: unspecified
- Range: unspecified
Patches
No patches discovered yet.
References (4)
News mentions
No linked articles in our index yet.