ID

VAR-202210-1474


CVE

CVE-2022-32913


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022851

DESCRIPTION

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera. iOS , macOS , tvOS Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-32913 // JVNDB: JVNDB-2022-022851 // VULHUB: VHN-425002

AFFECTED PRODUCTS

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7

Trust: 1.0

vendor:アップルmodel:watchosscope:eqversion:9.0

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022851 // NVD: CVE-2022-32913

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32913
value: LOW

Trust: 1.0

NVD: CVE-2022-32913
value: LOW

Trust: 0.8

CNNVD: CNNVD-202210-1628
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2022-32913
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-32913
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022851 // CNNVD: CNNVD-202210-1628 // NVD: CVE-2022-32913

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022851 // NVD: CVE-2022-32913

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1628

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1628

PATCH

title:HT213487 Apple  Security updateurl:https://support.apple.com/en-us/HT213443

Trust: 0.8

title:Apple macOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=212968

Trust: 0.6

sources: JVNDB: JVNDB-2022-022851 // CNNVD: CNNVD-202210-1628

EXTERNAL IDS

db:NVDid:CVE-2022-32913

Trust: 3.3

db:JVNDBid:JVNDB-2022-022851

Trust: 0.8

db:AUSCERTid:ESB-2022.5462

Trust: 0.6

db:AUSCERTid:ESB-2022.5473

Trust: 0.6

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:CNNVDid:CNNVD-202210-1628

Trust: 0.6

db:VULHUBid:VHN-425002

Trust: 0.1

sources: VULHUB: VHN-425002 // JVNDB: JVNDB-2022-022851 // CNNVD: CNNVD-202210-1628 // NVD: CVE-2022-32913

REFERENCES

url:https://support.apple.com/en-us/ht213488

Trust: 2.3

url:https://support.apple.com/en-us/ht213443

Trust: 1.7

url:https://support.apple.com/en-us/ht213444

Trust: 1.7

url:https://support.apple.com/en-us/ht213446

Trust: 1.7

url:https://support.apple.com/en-us/ht213486

Trust: 1.7

url:https://support.apple.com/en-us/ht213487

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32913

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-32913/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5462

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5473

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702

Trust: 0.6

sources: VULHUB: VHN-425002 // JVNDB: JVNDB-2022-022851 // CNNVD: CNNVD-202210-1628 // NVD: CVE-2022-32913

SOURCES

db:VULHUBid:VHN-425002
db:JVNDBid:JVNDB-2022-022851
db:CNNVDid:CNNVD-202210-1628
db:NVDid:CVE-2022-32913

LAST UPDATE DATE

2024-08-14T12:09:57.416000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-425002date:2022-11-03T00:00:00
db:JVNDBid:JVNDB-2022-022851date:2023-11-21T02:27:00
db:CNNVDid:CNNVD-202210-1628date:2022-11-04T00:00:00
db:NVDid:CVE-2022-32913date:2022-11-03T15:02:11.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-425002date:2022-11-01T00:00:00
db:JVNDBid:JVNDB-2022-022851date:2023-11-21T00:00:00
db:CNNVDid:CNNVD-202210-1628date:2022-10-24T00:00:00
db:NVDid:CVE-2022-32913date:2022-11-01T20:15:19.233