Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.
AnalysisAI
Improper log data redaction across Apple's operating systems exposes sensitive kernel state to locally-installed applications. Vulnerable versions include iOS/iPadOS prior to 18.7.9 and 26.5, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, macOS Tahoe prior to 26.5, tvOS prior to 26.5, and watchOS prior to 26.5. Apple has released patches for all affected platforms addressing the CWE-532 (insertion of sensitive information into log file) weakness. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the description of an app-based exploit, suggesting Apple's logging subsystem may be remotely queryable or the vector requires clarification. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity despite the high CVSS rating.
Technical ContextAI
This vulnerability stems from CWE-532 (Insertion of Sensitive Information Into Log File), where Apple's unified logging subsystem across iOS, iPadOS, macOS, tvOS, and watchOS failed to properly redact sensitive kernel state information before recording it in system logs. The unified logging framework, introduced in iOS 10 and macOS Sierra, provides a centralized logging mechanism accessible to applications via the os_log APIs. Applications with appropriate entitlements or system privileges can query these logs using the OSLogStore framework or command-line tools like 'log show'. The affected CPE entries (cpe:2.3:a:apple:ios_and_ipados, cpe:2.3:a:apple:macos, cpe:2.3:a:apple:tvos, cpe:2.3:a:apple:watchos) indicate this is a systemic issue in Apple's logging infrastructure spanning their entire operating system portfolio. Kernel state that should be redacted may include memory addresses (defeating ASLR), cryptographic material, authentication tokens, or internal data structures that reveal implementation details useful for exploit development.
RemediationAI
Apple has released patches for all affected platforms and organizations should deploy updates through standard Apple software update mechanisms. For iOS and iPadOS devices, update to version 18.7.9 or 26.5 depending on device compatibility. For macOS systems, update to macOS Sonoma 14.8.7, macOS Sequoia 15.7.7, or macOS Tahoe 26.5 based on your current major version. Apple TV devices should update to tvOS 26.5, and Apple Watch devices require watchOS 26.5. Updates can be deployed via Settings > General > Software Update on end-user devices or through Mobile Device Management (MDM) solutions for enterprise environments. Official security advisories with detailed update instructions are available at https://support.apple.com/en-us/127110 through https://support.apple.com/en-us/127119. If immediate patching is not feasible, consider compensating controls including restricting application installation to enterprise-vetted apps only through MDM policies, enabling stricter log access controls via MDM configuration profiles to limit which apps can query system logs, and implementing runtime application monitoring to detect unusual log querying behavior. These mitigations trade off user flexibility and may impact legitimate diagnostic tools but reduce the attack surface until patching is complete. No workaround fully addresses the vulnerability as the logging subsystem operates at the OS level beneath application sandboxes.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29281
GHSA-cw5m-c88q-x4pv