CCE-50338-3Platform: cpe:/o:apple:mac_os_14 | Date: (C)2024-01-24 (M)2024-01-24 |
Apple provides a framework that allows advertisers to target Apple users and end-users with advertisements. While many people prefer that when they see advertising it is relevant to them and their interests, the detailed information that is data mining collected, correlated, and available to advertisers in repositories is often disconcerting. This information is valuable to both advertisers and attackers and has been used with other metadata to reveal users' identities. Organizations should manage advertising settings on computers rather than allow users to configure the settings.
Rationale: Organizations should manage user privacy settings on managed devices to align with organizational policies and user data protection requirements.
Impact: Users will see generic advertising rather than targeted advertising. Apple warns that this will reduce the number of relevant ads.
Remediation: Profile Method: Create or edit a configuration profile with the following information: 1. The PayloadType string is com.apple.Safari 2. The key to include is WebKitPreferences.privateClickMeasurementEnabled 3. The key must be set to: <true/>
Parameter:
[Yes/No]
Technical Mechanism:
Remediation: Profile Method: Create or edit a configuration profile with the following information: 1. The PayloadType string is com.apple.Safari 2. The key to include is WebKitPreferences.privateClickMeasurementEnabled 3. The key must be set to: true/
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97014 |