Vulnerability CVE-2022-32913

Vulnerability Name:

CVE-2022-32913 (CCN-238809)

Assigned:

2022-10-24

Published:

2022-10-24

Updated:

2022-11-03

Summary:

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.

CVSS v3 Severity:

3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2022-32913

Source: XF
Type: UNKNOWN
apple-ventura-cve202232913-sec-bypass(238809)

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT213443

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT213444

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT213446

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT213486

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT213487

Source: CCN
Type: Apple security document HT213488
About the security content of macOS Ventura 13

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT213488

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 16.0)

OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 12.0.0 and < 12.6)

OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.7)

OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 9.0)

OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 16.0)

Denotes that component is vulnerable

BACK