CVE-2022-32883Improper Access Control in Apple Macos

CWE-284Improper Access ControlCWE-668Resource Exposure9 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 68.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOSApple MacosApple Ipados+2 more
Timeline
PublishedSep 20
Latest updateOct 24

Description

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5apple/macosunspecified11.7+2
NVDapple/macos11.011.7+1
NVDapple/ipados< 15.7
CVEListV5apple/iosunspecified16
NVDapple/watchos< 9.0

🔴Vulnerability Details

2
GHSA
GHSA-8356-ccjq-rwhv: A logic issue was addressed with improved restrictions2022-09-21
CVEList
CVE-2022-32883: A logic issue was addressed with improved restrictions2022-09-20

📋Vendor Advisories

6
Apple
CVE-2022-32883: macOS Ventura 132022-10-24
Apple
CVE-2022-32883: iOS 162022-09-12
Apple
CVE-2022-32883: macOS Big Sur 11.72022-09-12
Apple
CVE-2022-32883: watchOS 92022-09-12
Apple
CVE-2022-32883: iOS 15.7 and iPadOS 15.72022-09-12
CVE-2022-32883 — Improper Access Control in Apple Macos | cvebase