Main Vulnerability Database Vulnerabilities #VU61327

#VU61327 Security restrictions bypass in macOS - CVE-2022-22599

Published: March 14, 2022

Vulnerability identifier: #VU61327

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-22599

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
macOS

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an error in Siri. An attacker with physical access to device can use Siri to obtain some location information from the lock screen.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT213183