Logic Issue in Safari and Other Apple Products Exposed User Data
CVE-2022-46698

6.5MEDIUM

Key Information:

Vendor: Apple
Status: Icloud For Windows; TV OS; Watch OS
Vendor: CVE Published:; 15 December 2022

Summary

A logic issue present in multiple Apple products was identified affecting the processing of web content. By leveraging this vulnerability, attackers could exploit improperly validated requests, potentially leading to the disclosure of sensitive user information. This issue has been addressed with improved checks in the affected versions, notably enhancing security across various platforms including macOS, iOS, iPadOS, and Safari.

Affected Version(s)

iCloud for Windows < 14.1

tvOS < 16.2

tvOS < 13.1

References

https://support.apple.com/en-us/HT213535

https://support.apple.com/en-us/HT213532

https://support.apple.com/en-us/HT213538

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2022
Vulnerability Reserved
Dec 7, 2022