CVE-2025-30447

CVE-2025-30447 is a vulnerability in Apple's operating systems due to a logging issue where sensitive user data is not properly redacted from logs. This issue affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS versions prior to the fixes released on March 31, 2025 [2][4].

An app running on the device may be able to access these logs, thereby gaining access to sensitive user data. The exploitation requires the app to be installed and executed on the device, but no special privileges beyond normal app sandbox are needed. The vulnerability is present in logging mechanisms that fail to redact sensitive information.

The impact is that an attacker with an app on the device could extract sensitive user data, such as personal information or credentials, from log entries. This could lead to privacy breaches or further compromise.

Apple has addressed the issue by improving data redaction in logging. The fixes are included in iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, and watchOS 11.4 [2][4]. Users are advised to update to the latest versions.