CVE-2023-42878
First published: Wed Oct 25 2023(Updated: )
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
Credit: Kirin @Pwnrin SecuRingWojciech Regula SecuRing Computer ScienceCristian Dinca Computer ScienceRomania product-security@apple.com Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncYiğit Can YILMAZ @yilmazcanyigit Bistrit Dahal CVE-2023-42946 이준성(Junsung Lee) Cross Republic이준성(Junsung Lee) Pedro Ribeiro @pedrib1337 Agile Information SecurityVitor Pedreira @0xvhp_ Agile Information SecurityJZ Linus Henze Pinauten GmbHMickey Jin @patch1t Grzegorz Riegel Adam M. Csaba Fitzl @theevilbit Offensive SecurityMichael (Biscuit) Thomas - @social.lol @biscuit CVE-2023-42823 an anonymous researcher inooo Mingxuan Yang @PPPF00L 360 Vulnerability Research Institutehappybabywu 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research Institute 360 Vulnerability Research InstituteAdis Alic Sam Lakmaker Ting Ding James Mancz Omar Shibli Lorenzo Cavallaro Harry Lewandowski Kacper Kwapisz @KKKas_ Abhay Kailasia @abhay_kailasia Lakshmi Narain College Of Technology Bhopal IndiaPeter Nguyễn Vũ Hoàng @peternguyen14 STAR Labs SG PteZhipeng Huo @R3dF09 Tencent Security Xuanwu LabNoah Roskin-Frazee Pr Tomi Tokics @tomitokics iTomsn0w
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <14.1 | 14.1 |
| Apple iOS, iPadOS, and watchOS | <10.1 | 10.1 |
| iPadOS | <17.1 | |
| iPhone OS | <17.1 | |
| macOS | =14.0 | |
| Apple iOS, iPadOS, and watchOS | <10.1 | |
| Apple iOS and iPadOS | <17.1 | 17.1 |
| Apple iOS, iPadOS, and macOS | <17.1 | 17.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT213988 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213988
- https://support.apple.com/en-us/109048 (Advisory)
- https://support.apple.com/en-us/109052 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42952
- CVE-2023-42945
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-41989
- CVE-2023-42854
- CVE-2023-40413
- CVE-2023-42834
- CVE-2023-42844
- CVE-2023-42953
- CVE-2023-40416
- CVE-2023-42848
- CVE-2023-40423
- CVE-2023-38403
- CVE-2023-42849
- CVE-2023-42850
- CVE-2023-40446
- CVE-2023-42942
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40408
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-42856
- CVE-2023-40404
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-42889
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42841
- CVE-2023-42873
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-41977
- CVE-2023-42438
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42878
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
- CVE-2023-41254
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42843
- CVE-2023-41983
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-42846
- CVE-2023-42928
- CVE-2023-42951
- CVE-2023-42855
- CVE-2023-40445
- CVE-2023-42939
Frequently Asked Questions
What is the severity of CVE-2023-42878?
CVE-2023-42878 is classified as a privacy vulnerability that could allow unauthorized access to sensitive user data.
How do I fix CVE-2023-42878?
To fix CVE-2023-42878, update your affected devices to iOS 17.1, iPadOS 17.1, macOS Sonoma 14.1, or watchOS 10.1.
Which devices are affected by CVE-2023-42878?
CVE-2023-42878 affects devices running iOS up to 17.0, iPadOS up to 17.0, macOS 14.0, and watchOS up to 10.0.
What type of issue is CVE-2023-42878?
CVE-2023-42878 is a privacy issue related to insufficient redaction of sensitive data in log entries.
What does CVE-2023-42878 allow unauthorized apps to do?
CVE-2023-42878 may allow unauthorized apps to access sensitive user data via the Share Sheet.
- agent/first-publish-date
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/trending
- agent/source
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2023-42839
- alias/CVE-2023-42878
- alias/CVE-2023-41982
- alias/CVE-2023-41997
- alias/CVE-2023-41988
- alias/CVE-2023-42946
- alias/CVE-2023-41254
- alias/CVE-2023-40447
- alias/CVE-2023-41976
- alias/CVE-2023-42852
- alias/CVE-2023-42849
- alias/CVE-2023-42942
- alias/CVE-2023-40408
- alias/CVE-2023-42846
- alias/CVE-2023-42834
- alias/CVE-2023-42953
- alias/CVE-2023-42848
- alias/CVE-2023-40413
- agent/references
- agent/author
- agent/description
- collector/nvd-api
- source/NVD
- agent/tags
- agent/softwarecombine
- alias/CVE-2023-40445
- alias/CVE-2023-42843
- alias/CVE-2023-42939
- alias/CVE-2023-41983
- alias/CVE-2023-42845
- alias/CVE-2023-42841
- alias/CVE-2023-42873
- alias/CVE-2023-42951
- alias/CVE-2023-42836
- alias/CVE-2023-42855
- alias/CVE-2023-41072
- alias/CVE-2023-42857
- alias/CVE-2023-40449
- alias/CVE-2023-42823
- alias/CVE-2023-42928
- alias/CVE-2023-40416
- alias/CVE-2023-40423
- alias/CVE-2023-40446
- alias/CVE-2023-42847
- vendor/apple
- canonical/apple macos
- canonical/apple ios, ipados, and watchos
- canonical/ipados
- canonical/iphone os
- canonical/macos
- version/macos/14.0
- canonical/apple ios and ipados
- canonical/apple ios, ipados, and macos