Improper access control in macOS - CVE-2022-32867
Published: October 25, 2022
Vulnerability identifier: #VU68649
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-32867
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows a local attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in Crash Reporter. An attacker with physical access to device can read data past diagnostic logs.
How to mitigate CVE-2022-32867
Install updates from vendor's website.