{"vulnerability": "CVE-2022-4671", "sightings": [{"uuid": "d92dc428-db8f-41ac-85ed-fd214a7b5847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46710", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18981", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46710\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.\n\ud83d\udccf Published: 2024-01-10T22:03:37.235Z\n\ud83d\udccf Modified: 2025-06-20T15:32:34.297Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213532\n2. https://support.apple.com/en-us/HT213530", "creation_timestamp": "2025-06-20T15:44:20.000000Z"}, {"uuid": "dc087d50-6252-4009-a8cd-28a5aaa0a5e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46712", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7146", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46712\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges.\n\ud83d\udccf Published: 2023-02-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-11T14:26:33.138Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213488", "creation_timestamp": "2025-03-11T14:39:38.000000Z"}, {"uuid": "acaf2709-634d-4051-836a-a2a42b659353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46713", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7147", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46713\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.\n\ud83d\udccf Published: 2023-02-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-11T14:25:32.946Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213488\n2. https://support.apple.com/en-us/HT213493\n3. https://support.apple.com/en-us/HT213494", "creation_timestamp": "2025-03-11T14:39:43.000000Z"}, {"uuid": "24506fa0-95a4-48de-90c5-d21ecfb05e81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46718", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2911", "content": "Tools - Hackers Factory \n\n\u200b\u200bctf-tools\n\nThis is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth.\n\nhttps://github.com/zardus/ctf-tools\n\n#cybersecurity #infosec #ctf\n\n\u200b\u200bRESTler\n\nRESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.\n\nhttps://github.com/microsoft/restler-fuzzer\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2022-46718\n\niOS Vulnerability Exposes Sensitive Location Data.\n\nhttps://github.com/biscuitehh/cve-2022-46718-leaky-location\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bBunkerWeb\n\nA web server based on the notorious NGINX and focused on security.\n\nhttps://github.com/bunkerity/bunkerweb\n\n#cybersecurity #infosec\n\n\u200b\u200bLAUREL\n\nLAUREL is an event post-processing plugin for auditd(8) that generates useful, enriched JSON-based audit logs suitable for modern security monitoring setups.\n\nhttps://github.com/threathunters-io/laurel\n\n#cybersecurity #infosec\n\n\u200b\u200bSecbench.js\n\nSecbench.js is the first benchmark suite of server-side JavaScript vulnerabilities. This benchmark consists of 600 publicly reported vulnerabilities curated from different advisory databases, such as Snyk, GitHub Advisories, and Huntr.dev.\n\nhttps://github.com/cristianstaicu/SecBench.js\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCTFd\n\nA Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.\n\nhttps://github.com/CTFd/CTFd\n\n#cybersecurity #infosec #ctf\n\n\u200b\u200bStackMask\n\nThis is a PoC of encrypting the stack prior to custom sleeping by leveraging CPU cycles. This is the code of the relevant blog post: Masking the Implant with Stack Encryption\n\nhttps://github.com/WKL-Sec/StackMask\n\n#infosec #pentesting #redteam\n\n\u200b\u200bETWHash\n\nA C# POC that is able to extract NetNTLMv2 hashes of incoming authentications via SMB, by consuming ETW events from the Microsoft-Windows-SMBServer provider {D48CE617-33A2-4BC3-A5C7-11AA4F29619E}\n\nhttps://github.com/nettitude/ETWHash\n\n#infosec #pentesting #redteam\n\n\u200b\u200bsh4d0wup\n\nSigning-key abuse and update exploitation framework.\n\nhttps://github.com/kpcyrd/sh4d0wup\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-05T15:01:04.000000Z"}, {"uuid": "6e207368-2ced-4300-a2d5-797a581cafcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46717", "type": "seen", "source": "https://t.me/cibsecurity/61788", "content": "\u203c CVE-2022-46717 \u203c\n\nA logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-10T22:23:03.000000Z"}, {"uuid": "1b3ccbae-f3d3-4356-863b-ad676592959a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46718", "type": "published-proof-of-concept", "source": "Telegram/x32OgBFd0aCC92zk7eLPFbtruiIwizixl2f573m9-8FRL4U", "content": "", "creation_timestamp": "2023-07-09T19:53:04.000000Z"}, {"uuid": "6ab86383-cf81-4b88-ab5f-26ce14c0aa6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46710", "type": "seen", "source": "https://t.me/ctinow/175777", "content": "https://ift.tt/vrQDHmz\nCVE-2022-46710 | Apple macOS iCloud Link information disclosure", "creation_timestamp": "2024-01-30T09:41:33.000000Z"}, {"uuid": "0f7b9392-ebb1-4f22-b471-df2b6962e83a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46710", "type": "seen", "source": "https://t.me/ctinow/175776", "content": "https://ift.tt/cMfirZE\nCVE-2022-46710 | Apple iOS/iPadOS iCloud Link information disclosure", "creation_timestamp": "2024-01-30T09:41:32.000000Z"}, {"uuid": "e6afab3f-88e0-425d-ab69-7dbde713c901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46716", "type": "seen", "source": "https://t.me/cibsecurity/61787", "content": "\u203c CVE-2022-46716 \u203c\n\nA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-10T22:23:02.000000Z"}, {"uuid": "4a1b1c69-50cd-441a-a669-060ee96039ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46718", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8229", "content": "#exploit\n1. CVE-2022-46718:\niOS Vulnerability Exposes Sensitive Location Data\nhttps://github.com/biscuitehh/cve-2022-46718-leaky-location\n\n2. Fortigate 7.0.1 Stack Overflow\nhttps://packetstormsecurity.com/files/172082/Fortigate-7.0.1-Stack-Overflow.html\n]-> https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html", "creation_timestamp": "2023-05-03T13:26:14.000000Z"}]}