Logic Issue in Apple Music for Android Exposes User Data
CVE-2022-32846

7.5HIGH

Key Information:

Vendor: Apple
Status: Apple Music For Android
Vendor: CVE Published:; 27 February 2023

What is CVE-2022-32846?

A logic issue in Apple Music for Android has been identified that may enable unauthorized access to sensitive user data. This vulnerability has been addressed with improved state management in version 3.9.10 of the app. Users are encouraged to update to this version to ensure their personal information remains protected.

Affected Version(s)

Apple Music for Android < 3.9

References

https://support.apple.com/en-us/HT213473

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jun 9, 2022