Logic Issue in Apple’s iOS and macOS Products Concerning Location Data Sharing
CVE-2022-46710

5.5MEDIUM

Key Information:

Vendor: Apple
Status: macOS; iOS and iPadOS
Vendor: CVE Published:; 10 January 2024

Summary

A logic issue in Apple's iOS, iPadOS, and macOS products allows location data to be unintentionally shared through iCloud links, even when users have disabled location metadata settings within the Share Sheet. This defect has been addressed with enhanced checks in the latest software updates, making it essential for users to upgrade to iOS 16.2, iPadOS 16.2, and macOS Ventura 13.1 to mitigate any exposure to this vulnerability.

Affected Version(s)

iOS and iPadOS < 16.2

macOS < 13.1

References

https://support.apple.com/en-us/HT213532

https://support.apple.com/en-us/HT213530

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Dec 7, 2022