CVE-2022-42843 — Sensitive Information Exposure in Apple Tvos

CWE-200 — Sensitive Information Exposure CWE-668 — Resource Exposure6 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 73.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Tvos Apple Watchos Apple Ipados +5 more

Timeline

PublishedDec 15

Description

This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶Appleapple/macos_ventura13.1

▶CVEListV5apple/tvosunspecified — 16.2+1

▶NVDapple/tvos< 16.2

▶NVDapple/ipados< 16.2

▶CVEListV5apple/watchosunspecified — 9.2

🔴Vulnerability Details

GHSA

GHSA-4hf4-g256-gxvm: This issue was addressed with improved data protection↗2022-12-15

▶

📋Vendor Advisories

Apple

CVE-2022-42843: iOS 16.2 and iPadOS 16.2↗2022-12-13

▶

Apple

CVE-2022-42843: watchOS 9.2↗2022-12-13

▶

Apple

CVE-2022-42843: macOS Ventura 13.1↗2022-12-13

▶

Apple

CVE-2022-42843: tvOS16.2↗2022-12-13

▶