Description
This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Apple / macOSunspecified – 12.6
- Apple / macOSunspecified – 11.7
- Apple / Xcodeunspecified – 14.3
References
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213759
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213679
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213760