#VU60039 Information disclosure in Apple iOS and iPadOS


Published: 2022-01-26

Vulnerability identifier: #VU60039

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22594

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apple iOS
Operating systems & Components / Operating system
iPadOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cross-origin issue in the IndexDB API within the WebKit Storage. A remote attacker can trick the victim to visit a specially crafted website and gain access to sensitive information, locally stored by WebKit.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.2.1 19C63

iPadOS: 15.0 19A346 - 15.2.1 19C63


CPE

External links
http://support.apple.com/en-us/HT213053


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability