Main Vulnerability Database Vulnerabilities #VU61307

Security restrictions bypass in macOS - CVE-2022-22643

Published: March 14, 2022

Vulnerability identifier: #VU61307

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-22643

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in FaceTime due to the ability to send audio and video files without knowledge of the user. An attacker with physical access to the system can share sensitive information via FaceTime.

How to mitigate CVE-2022-22643

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/HT213183

Security restrictions bypass in macOS - CVE-2022-22643

Detailed vulnerability description

How to mitigate CVE-2022-22643

Sources

Please verify you're human