Security restrictions bypass in macOS

#VU61327 Security restrictions bypass in macOS

Cybersecurity Help s.r.o.

Published: 2022-03-14

Vulnerability identifier: #VU61327

Vulnerability risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22599

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an error in Siri. An attacker with physical access to device can use Siri to obtain some location information from the lock screen.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

macOS: 12.0 21A344 - 12.2.1 21D62

External links
http://support.apple.com/en-us/HT213183

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apple watchOS

Multiple vulnerabilities in Apple iOS and iPadOS

Multiple vulnerabilities in Apple macOS Big Sur

Multiple vulnerabilities in Apple macOS Monterey