CVE-2022-46718
published 2023-06-23

Priority: P179 · medium · 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.36% (27.6th percentile)

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information.

Affected

14 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | | |
| apple | ios_16.2_and_ipados | | |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | macos | >= 11.0.0 < 11.7.2 | 11.7.2 |
| apple | macos | >= 12.0.0 < 12.6.2 | 12.6.2 |
| apple | macos | >= 13.0 < 13.1 | 13.1 |
| apple | macos | >= unspecified < 11.7 | 11.7 |
| apple | macos | >= unspecified < 13.1 | 13.1 |
| apple | macos | >= unspecified < 12.6 | 12.6 |
| apple | macos | >= unspecified < 15.7 | 15.7 |
| apple | macos_big_sur | | |
| apple | macos_monterey | | |
| apple | macos_ventura | | |

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the TCC (Transparency, Consent, and Control) component on Apple platforms; monitor for apps accessing location data without explicit user authorization via TCC.
  • Fixed in iOS 15.7.2, iPadOS 15.7.2, iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, and macOS Monterey 12.6.2; systems running older versions remain vulnerable to TCC logic bypass allowing unauthorized location data access.

CVSS provenance

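| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| vulncheck | | 5.5 | MEDIUM | |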