CVE-2022-32833 — Insecure Storage of Sensitive Information in Apple IOS

CWE-922 — Insecure Storage of Sensitive Information CWE-668 — Resource Exposure6 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 46.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Iphone OS Apple Macos +1 more

Timeline

PublishedDec 15

Description

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5apple/iosunspecified — 16

▶NVDapple/macos< 13.0

▶NVDapple/safari< 16.0

▶NVDapple/iphone_os< 16.0

🔴Vulnerability Details

CVEList

CVE-2022-32833: An issue existed with the file paths used to store website data↗2022-12-15

▶

GHSA

GHSA-qg5p-r35g-xqfm: An issue existed with the file paths used to store website data↗2022-12-15

▶

📋Vendor Advisories

Apple

CVE-2022-32833: macOS Ventura 13↗2022-10-24

▶

Apple

CVE-2022-32833: iOS 16↗2022-09-12

▶

Apple

CVE-2022-32833: Safari 16↗2022-09-12

▶