SB2022101010 - Multiple vulnerabilities in Apple Music for Android

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022101010

SB2022101010 - Multiple vulnerabilities in Apple Music for Android

Published: October 10, 2022

Security Bulletin ID SB2022101010
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Adjecent network
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32836)

The vulnerability allows the application to access personal information.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and exposure of sensitive information.


2) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-32906)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32846)

The vulnerability allows a local application to access sensitive information.

The vulnerability exists due to a logic error. A local application can access user-sensitive data.


Remediation

Install update from vendor's website.

References