CVE-2022-46718
Published 2023-06-23
CVE-2022-46718: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS…
Priority: P179 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.36% (27.6th percentile)
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | — | — |
| apple | ios_16.2_and_ipados | — | — |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | macos | >= 11.0.0 < 11.7.2 | 11.7.2 |
| apple | macos | >= 12.0.0 < 12.6.2 | 12.6.2 |
| apple | macos | >= 13.0 < 13.1 | 13.1 |
| apple | macos | >= unspecified < 11.7 | 11.7 |
| apple | macos | >= unspecified < 13.1 | 13.1 |
| apple | macos | >= unspecified < 12.6 | 12.6 |
| apple | macos | >= unspecified < 15.7 | 15.7 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
Detection & IOCs
- Vulnerability resides in the TCC (Transparency, Consent, and Control) component on Apple platforms; monitor for apps accessing location data without explicit user authorization via TCC
- Fixed in iOS 15.7.2, iPadOS 15.7.2, iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, and macOS Monterey 12.6.2; systems running older versions remain vulnerable to TCC logic bypass allowing unauthorized location data access
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vulncheck · 5.5 MEDIUM
GHSA
GHSA-c229-95xm-8499: A logic issue was addressed with improved restrictions
ghsa_unreviewed·2023-06-23
CVE-2022-46718 [MEDIUM] CWE-346 GHSA-c229-95xm-8499: A logic issue was addressed with improved restrictions
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
VulnCheck
iOS and iPadOS, macOS Ventura, macOS Big Sur, and macOS Monterey App Sensitive Location Read Vulnerability
vulncheck·2022·CVSS 5.5
CVE-2022-46718 [MEDIUM] iOS and iPadOS, macOS Ventura, macOS Big Sur, and macOS Monterey App Sensitive Location Read Vulnerability
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/kb/HT213531
Apple
CVE-2022-46718: iOS 15.7.2 and iPadOS 15.7.2
vendor_apple·2022-12-13·CVSS 5.5
CVE-2022-46718 [MEDIUM] CVE-2022-46718: iOS 15.7.2 and iPadOS 15.7.2
Apple Security Update: About the security content of iOS 15.7.2 and iPadOS 15.7.2
Product: iOS 15.7.2 and iPadOS
Version: 15.7.2
CVE: CVE-2022-46718
Component: TCC
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2022-46718: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 5.5
CVE-2022-46718 [MEDIUM] CVE-2022-46718: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-46718
Component: TCC
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2022-46718: macOS Ventura 13.1
vendor_apple·2022-12-13·CVSS 5.5
CVE-2022-46718 [MEDIUM] CVE-2022-46718: macOS Ventura 13.1
Apple Security Update: About the security content of macOS Ventura 13.1
Product: macOS Ventura
Version: 13.1
CVE: CVE-2022-46718
Component: TCC
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2022-46718: macOS Big Sur 11.7.2
vendor_apple·2022-12-13·CVSS 5.5
CVE-2022-46718 [MEDIUM] CVE-2022-46718: macOS Big Sur 11.7.2
Apple Security Update: About the security content of macOS Big Sur 11.7.2
Product: macOS Big Sur
Version: 11.7.2
CVE: CVE-2022-46718
Component: TCC
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2022-46718: macOS Monterey 12.6.2
vendor_apple·2022-12-13·CVSS 5.5
CVE-2022-46718 [MEDIUM] CVE-2022-46718: macOS Monterey 12.6.2
Apple Security Update: About the security content of macOS Monterey 12.6.2
Product: macOS Monterey
Version: 12.6.2
CVE: CVE-2022-46718
Component: TCC
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://support.apple.com/en-us/HT213531
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213533
- https://support.apple.com/en-us/HT213534