CVE-2024-44166: 
macOS vulnerability analysis and mitigation

A privacy issue was discovered in macOS that could allow an app to access user-sensitive data through log entries. The vulnerability (CVE-2024-44166) was reported by Kirin (@Pwnrin) and LFY (@secsys) from Fudan University and affects macOS Ventura, macOS Sonoma, and macOS Sequoia. The issue was fixed in macOS Ventura 13.7, macOS Sonoma 14.7, and macOS Sequoia 15 released on September 16, 2024 (Apple Advisory, NVD).

The vulnerability stems from insufficient private data redaction in log entries within System Settings. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit, potentially resulting in high confidentiality impact (NVD).

The vulnerability allows a malicious application to access sensitive user data through system log entries. This could potentially expose private user information to unauthorized applications running on the affected system (Apple Advisory).

Apple has addressed this vulnerability by improving private data redaction for log entries in the affected systems. Users are advised to update to macOS Ventura 13.7, macOS Sonoma 14.7, or macOS Sequoia 15 to protect against this vulnerability (Apple Advisory).