CVE-2024-44278
Description
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1. A sandboxed app may be able to access sensitive user data in system logs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A sandboxed app may access sensitive user data from system logs due to improper redaction; patched in recent Apple OS updates.
Vulnerability Overview
CVE-2024-44278 is an information disclosure issue in Apple's operating systems. The root cause is inadequate private data redaction in log entries, allowing system logs to contain sensitive user information that should have been masked. This flaw affects iOS, iPadOS, macOS, visionOS, and watchOS versions prior to the patches released on October 28, 2024 [1][2][3][4].
Exploitation
An attacker can exploit this vulnerability by running a sandboxed app on the affected device. The app does not require elevated privileges: from inside the sandbox it can read system logs and extract the unredacted sensitive data. No user interaction or network access is needed, so the attack vector is local and the complexity is low [1].
Impact
Successful exploitation allows a malicious app to access sensitive user data that was inadvertently written to system logs. This could include personal information such as contact details, location data, or other private information, depending on what data was logged. The confidentiality impact is high, while integrity and availability are not affected, as per the CVSS score of 5.5 (Medium).
Mitigation
Apple addressed this issue by improving private data redaction in log entries. The fix is included in the following updates: iOS 17.7.1 and 18.1, iPadOS 17.7.1 and 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, and watchOS 11.1 [1][2][3][4]. Users should install these updates to protect their devices. There are no known workarounds; applying the patches is the recommended course of action.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* range: <17.7.1
- (no CPE) range: 17.7.1, 18.1
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* range: >=13.0,<13.7.1
- (no CPE) range: Sequoia 15.1, Sonoma 14.7.1, Ventura 13.7.1
- Range: 17.7.1, 18.1
Patches
No patches discovered yet.
References
- support.apple.com/en-us/121563 (nvd, Vendor Advisory)
- support.apple.com/en-us/121565 (nvd, Vendor Advisory)
- support.apple.com/en-us/121566 (nvd, Vendor Advisory)
- support.apple.com/en-us/121567 (nvd, Vendor Advisory)
- support.apple.com/en-us/121568 (nvd, Vendor Advisory)
- support.apple.com/en-us/121570 (nvd, Vendor Advisory)
- seclists.org/fulldisclosure/2024/Oct/10 (nvd)
- seclists.org/fulldisclosure/2024/Oct/11 (nvd)
- seclists.org/fulldisclosure/2024/Oct/12 (nvd)
- seclists.org/fulldisclosure/2024/Oct/13 (nvd)
- seclists.org/fulldisclosure/2024/Oct/14 (nvd)
- seclists.org/fulldisclosure/2024/Oct/16 (nvd)
- seclists.org/fulldisclosure/2024/Oct/9 (nvd)
- support.apple.com/en-us/121564 (nvd)