CVE-2024-44239: 
macOS vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2024-44239) was discovered affecting multiple Apple operating systems, including iOS 18.1, iPadOS 18.1, iOS 17.7.1, iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1, and visionOS 2.1. The vulnerability was discovered by security researcher Mateusz Krzywicki (@krzywix) and was publicly disclosed on October 28, 2024 (Apple iOS).

The vulnerability is an information disclosure issue in the kernel component that could allow an application to leak sensitive kernel state. The issue was addressed by Apple with improved private data redaction for log entries. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access required, low attack complexity, low privileges required, no user interaction needed, and potential for high confidentiality impact (NVD).

The vulnerability allows a malicious application to potentially leak sensitive kernel state information, which could expose system-level data that should normally be protected. This could lead to the disclosure of sensitive information about the device's operating system state (Apple iOS).

Apple has addressed this vulnerability by implementing improved private data redaction for log entries in the following security updates: iOS 18.1, iPadOS 18.1, iOS 17.7.1, iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1, and visionOS 2.1. Users are advised to update their devices to these versions to protect against potential exploitation (Apple iOS).