cbcvebase.
CVE-2022-46703
published 2023-04-10

Priority: P279 · medium · 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 0.22% (12.6th percentile)

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information.

Affected

13 ranges

Vendor  Product                  Version range            Fixed in
apple   ios_15.7.2_and_ipados
apple   ios_16.2_and_ipados
apple   ipados                   < 16.2                   16.2
apple   ipados                   >= 15.0 < 15.7.2         15.7.2
apple   iphone_os                < 16.2                   16.2
apple   iphone_os                >= 15.0 < 15.7.2         15.7.2
apple   macos                    < 13.1                   13.1
apple   macos                    >= unspecified < 13.1    13.1
apple   macos                    >= unspecified < 16.2    16.2
apple   macos                    >= unspecified < 15.7    15.7
apple   macos_monterey
apple   macos_ventura
apple   watchos

Detection & IOCs (extracted from sources)

  • Vulnerable component is the Weather app/component on Apple platforms; monitor for third-party apps accessing Weather component data or location services via the Weather component without explicit user authorization
  • Affected component is 'Weather' across iOS, iPadOS, macOS, and watchOS; focus detection on apps invoking Weather component APIs to infer location data
  • This is a logic/restriction bypass in the Weather component, not a memory corruption or code execution bug; no network-based IOCs or file artifacts are expected — detection must focus on behavioral/API-level monitoring
  • The vulnerability affects multiple Apple OS versions across different product lines (iOS 15/16, iPadOS 15/16, macOS Monterey 12.6.2, macOS Ventura 13.1, watchOS 9.2); ensure patch coverage across all affected platforms

CVSS provenance

nvd        v3.1  5.5  MEDIUM  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vulncheck        5.5  MEDIUM