VYPR
← All advisories
Low severity3.3NVD Advisory· Published Mar 8, 2024· Updated Apr 2, 2026

CVE-2024-23291

CVE-2024-23291

Description

A malicious app could observe user data in log entries related to accessibility notifications due to insufficient redaction, fixed in Apple OS updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A malicious app could observe user data in log entries related to accessibility notifications due to insufficient redaction, fixed in Apple OS updates.

A privacy issue in Apple operating systems allowed a malicious app to observe user data in log entries related to accessibility notifications. The root cause was that private data was not properly redacted from these log entries [1].

An attacker would need to have a malicious app installed on the device to exploit this vulnerability. No additional authentication or network access is required beyond the app's presence on the system. The vulnerability is present in log entries generated by accessibility notifications.

Successful exploitation could allow the malicious app to view sensitive user data that would otherwise be hidden. This includes information related to accessibility features, which may reveal personal details about the user.

Apple addressed this issue in iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, and watchOS 10.4 by improving private data redaction for log entries [2].

References
  1. About the security content of macOS Sonoma 14.4 - Apple Support
  2. About the security content of macOS Sonoma 14.4 - Apple Support

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

15

News mentions

0

No linked articles in our index yet.