CVE-2022-32835Sensitive Information Exposure in Apple Watchos

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 85.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOSApple WatchosApple Iphone OS
Timeline
PublishedNov 1
Latest updateNov 2

Description

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5apple/watchosunspecified9
NVDapple/watchos< 9.0
CVEListV5apple/iosunspecified16
NVDapple/iphone_os< 16.0

🔴Vulnerability Details

2
GHSA
GHSA-x64r-97x8-7c32: This issue was addressed with improved entitlements2022-11-02
CVEList
CVE-2022-32835: This issue was addressed with improved entitlements2022-11-01

📋Vendor Advisories

2
Apple
CVE-2022-32835: iOS 162022-09-12
Apple
CVE-2022-32835: watchOS 92022-09-12
CVE-2022-32835 — Sensitive Information Exposure | cvebase