Apple Music Android 3.9.9: Logic flaw gives access to user-sensitive data
CVE-2022-32846 Published on February 27, 2023
A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.
Vulnerability Analysis
CVE-2022-32846 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Improper Control of a Resource Through its Lifetime
The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
Products Associated with CVE-2022-32846
Want to know whenever a new CVE is published for Apple Music? stack.watch will email you.
Affected Versions
Apple Music for Android:- Version unspecified and below 3.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.