CVE-2022-32846

HIGH

Apple Music <3.9.10 - Info Disclosure

Title source: llm

Description

A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.

References (1)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213473

Scores

CVSS v3 7.5

EPSS 0.0040

EPSS Percentile 60.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-664

Status published

Products (1)

apple/music 3.9.10

Published Feb 27, 2023

Tracked Since Feb 18, 2026