Main Vulnerability Database Vulnerabilities #VU68649

#VU68649 Improper access control in macOS - CVE-2022-32867

Published: October 25, 2022

Vulnerability identifier: #VU68649

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-32867

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
macOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a local attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions in Crash Reporter. An attacker with physical access to device can read data past diagnostic logs.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT213488

#VU68649 Improper access control in macOS - CVE-2022-32867

Description

Remediation

External links

Please verify you're human