CVE-2023-27928: 
macOS vulnerability analysis and mitigation

A privacy vulnerability (CVE-2023-27928) was discovered in Apple's Identity Services component, affecting multiple Apple operating systems including macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, and macOS Big Sur 11.7.5. The vulnerability was discovered by Csaba Fitzl (@theevilbit) of Offensive Security and was patched in March 2023 (Apple Support).

The vulnerability was identified as a privacy issue in the Identity Services component where insufficient data redaction in log entries could expose sensitive information. The issue received a CVSS v3.1 base score of 3.3 (LOW) with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (NVD).

The vulnerability could allow a malicious application to access information about a user's contacts, potentially exposing sensitive personal data (Apple Support, Apple Support).

Apple addressed this vulnerability by implementing improved private data redaction for log entries. The fix was released in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, and macOS Big Sur 11.7.5. Users are advised to update their devices to these versions or later (Apple Support).