CVE-2022-22656 — Improper Authentication in Apple Macos

CWE-287 — Improper Authentication6 documents4 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 66.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple MAC OS X

Timeline

PublishedMar 18

Latest updateMar 19

Description

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5apple/macosunspecified — 12.3+2

▶NVDapple/macos11.6 — 11.6.5+2

▶NVDapple/mac_os_x10.15 — 10.15.7+1

🔴Vulnerability Details

GHSA

GHSA-7ppq-32xp-4x2q: An authentication issue was addressed with improved state management↗2022-03-19

▶

CVEList

CVE-2022-22656: An authentication issue was addressed with improved state management↗2022-03-18

▶

📋Vendor Advisories

Apple

CVE-2022-22656: Security Update 2022-003 Catalina↗2022-03-14

▶

Apple

CVE-2022-22656: macOS Big Sur 11.6.5↗2022-03-14

▶

Apple

CVE-2022-22656: macOS Monterey 12.3↗2022-03-14

▶