VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 1, 2022· Updated Aug 3, 2024

CVE-2022-42790

CVE-2022-42790

Description

A logic issue in Apple's lock screen state management allows a user to view restricted content from the lock screen, fixed in multiple OS updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logic issue in Apple's lock screen state management allows a user to view restricted content from the lock screen, fixed in multiple OS updates.

Vulnerability

A logic issue in the lock screen state management of Apple operating systems allows a user to view restricted content that should be protected by the lock screen. The vulnerability affects macOS Big Sur before 11.7, macOS Monterey before 12.6, macOS Ventura before 13, iOS before 16, iOS 15 before 15.7, and iPadOS before 15.7 [1][2][3][4]. The issue was addressed with improved state management.

Exploitation

An attacker with physical access to a locked device can exploit this vulnerability by performing specific actions to bypass the lock screen. No authentication or user interaction is required beyond the physical access. The exact sequence of steps is not disclosed in the available references.

Impact

Successful exploitation allows the attacker to view restricted content that is normally hidden behind the lock screen, such as notifications, messages, or other sensitive data. This leads to information disclosure of potentially private information.

Mitigation

Apple has released fixes in macOS Big Sur 11.7, macOS Monterey 12.6, macOS Ventura 13, iOS 16, iOS 15.7, and iPadOS 15.7 [1][2][3][4]. Users should update their devices to the latest available versions. No workarounds have been provided by Apple.

References
  1. About the security content of macOS Ventura 13 - Apple Support
  2. About the security content of iOS 16 - Apple Support
  3. About the security content of macOS Monterey 12.6 - Apple Support
  4. About the security content of macOS Big Sur 11.7 - Apple Support

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

5

News mentions

0

No linked articles in our index yet.