Vulnerability
Siri(iPhone 8 and later) – Meeting/Event Disclosure on Locked iPhone
Description
A privacy risk in Siri is where an attacker with physical access to a locked iPhone can view all the scheduled events and meetings. An attacker with physical access to a locked iPhone to bypass the need for specific time information when requesting scheduled events or meetings. By simply requesting a meeting or event on a specific date, such as April 24th, and specifying “all day” as the time, Siri will reveal all scheduled meetings or invites for that date.
CVE-ID
CVE-2022-32871
Vendor
Apple
Product
Siri
Disclosure Timeline
Reported On: 12-04-2022
Made Public On: 16-03-2023
Fixed On: 13-09-2022
Credits
Amit kumar