CVE-2022-32883

MEDIUM

iPadOS < 15.7 - Unauthorized Sensitive Location Information Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-32883. PoCs published by breakpointHQ.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2022-32883, which leverages Apple Maps to determine the physical location of a device by analyzing distance data. The PoC includes scripts to interact with the Maps app and perform geolocation triangulation.

Description

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.

Exploits (1)

nomisec WORKING POC 18 stars

by breakpointHQ · poc

https://github.com/breakpointHQ/CVE-2022-32883

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2022-32883, which leverages Apple Maps to determine the physical location of a device by analyzing distance data. The PoC includes scripts to interact with the Maps app and perform geolocation triangulation.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Apple Maps (macOS)

No auth needed

Prerequisites: Apple Maps installed on macOS · Device location services enabled

MITRE ATT&CK