CVE-2022-32857

CVE Database · CVE-2022-32857

CVE-2022-32857

· MEDIUMModified

CVSS v3.1

4.3

EPSS

0.24%

Published

Aug 24, 2022

Modified

May 29, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-319

Affected Products (21)

apple · ipados (up to 15.6)vulnerable

apple · iphone_os (up to 15.6)vulnerable

apple · mac_os_xvulnerable