CVE-2022-46718

MEDIUM EXPLOITED

iOS <15.7.2 - Info Disclosure

Title source: llm

Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information

Exploits (1)

nomisec WRITEUP 27 stars

by biscuitehh · poc

https://github.com/biscuitehh/cve-2022-46718-leaky-location

View Code ZIP pw:eip

References (4)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213531

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213532

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213533

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213534

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 11.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitation Intel

VulnCheck KEV 2022-12-13

Classification

CWE

CWE-346

Status published

Affected Products (3)

apple/ipados < 15.7.2

apple/iphone_os < 15.7.2

apple/macos < 11.7.2

Timeline

Published Jun 23, 2023

Tracked Since Feb 18, 2026