CVE-2022-32849
MEDIUMiPadOS < 15.6 - Unauthorized Sensitive Information Exposure
Title source: llmDescription
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
References (6)
Core 6
Core References
Vendor Advisory
https://support.apple.com/en-us/HT213342
Vendor Advisory
https://support.apple.com/en-us/HT213343
Vendor Advisory
https://support.apple.com/en-us/HT213344
Vendor Advisory
https://support.apple.com/en-us/HT213345
Vendor Advisory
https://support.apple.com/en-us/HT213346
Vendor Advisory
https://support.apple.com/kb/HT213488
Scores
CVSS v3
5.5
EPSS
0.0008
EPSS Percentile
23.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (6)
apple/ipados
< 15.6
apple/iphone_os
< 15.6
apple/mac_os_x
10.15.7 (15 CPE variants)
apple/mac_os_x
< 10.15.7
apple/macos
11.0 - 11.6.8
apple/tvos
< 15.6
Published
Sep 23, 2022
Tracked Since
Feb 18, 2026