CVE-2022-32883

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2022/Oct/28	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/39	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/40	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/45	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/49	Third Party Advisory
https://support.apple.com/en-us/HT213443	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213444	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213445	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213446	Release Notes Vendor Advisory
https://support.apple.com/kb/HT213486	Vendor Advisory
https://support.apple.com/kb/HT213488	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-668~~	NVD-CWE-noinfo

Information

Published : 2022-09-20 21:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-32883

Mitre link : CVE-2022-32883

CVE.ORG link : CVE-2022-32883

JSON object : View

Products Affected

apple

watchos
ipados
macos
iphone_os

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-32883", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-20T21:15:10.993", "references": [{"url": "http://seclists.org/fulldisclosure/2022/Oct/28", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/39", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/40", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/41", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/43", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/45", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/49", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213443", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213444", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213445", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213446", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT213486", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT213488", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information."}, {"lang": "es", "value": "Se abord\u00f3 un problema de l\u00f3gica con restricciones mejoradas. Este problema es corregido en macOS Monterey versi\u00f3n 12.6, iOS versi\u00f3n 15.7 y iPadOS versi\u00f3n 15.7, iOS versi\u00f3n 16, macOS Big Sur versi\u00f3n 11.7. Una aplicaci\u00f3n puede ser capaz de leer informaci\u00f3n de localizaci\u00f3n confidencial"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "613EE342-B8E6-4E88-B8F5-CCD918F2D704", "versionEndExcluding": "15.7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D9387F-63B6-41B3-8BDC-A6102EE5F1E2", "versionEndExcluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8400BA2C-947C-40A8-AD5A-9BF477397E0D", "versionEndExcluding": "11.7", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09A274B0-D746-4C2E-A03A-CDC28DB3333E", "versionEndExcluding": "12.6", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "712A2CD4-6807-496A-8467-BFB138371E51", "versionEndExcluding": "9.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}