CVE-2022-32870: A user with physical access to a device may be able to use Siri to obtain some call history information in Apple macOS
A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information.
AI Analysis
Technical Summary
CVE-2022-32870 is a logic vulnerability in Apple macOS (also affecting iOS 16 and watchOS 9) that allows a user with physical access to a device to leverage Siri to retrieve some call history information. The root cause is a state management flaw in how Siri processes requests related to call history, enabling unauthorized disclosure of call log data without requiring authentication or user interaction beyond invoking Siri. This vulnerability does not allow modification of data or disruption of system availability but compromises confidentiality by exposing call history details. Apple addressed this issue by improving state management in the affected operating systems. The vulnerability is rated with a low CVSS score of 2.4, reflecting its limited impact and the requirement for physical access. There are no known exploits in the wild, and the flaw primarily affects devices running macOS Ventura 13 and later, iOS 16, and watchOS 9. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information).
Potential Impact
For European organizations, the impact of CVE-2022-32870 is relatively limited but still noteworthy in environments where sensitive call history information could be leveraged for social engineering, insider threats, or privacy violations. Since the vulnerability requires physical access to the device, it poses a risk mainly in scenarios where devices are lost, stolen, or accessed by unauthorized personnel within an organization. Confidentiality of call logs could be compromised, potentially exposing contact details, call times, and call frequency, which might aid attackers in profiling targets or planning further attacks. However, the vulnerability does not allow remote exploitation or broader system compromise, limiting its impact on operational continuity or data integrity. Organizations with strict privacy regulations, such as those governed by GDPR, should consider this vulnerability in their risk assessments, especially for devices used by executives or employees handling sensitive communications.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations should ensure all Apple devices are updated promptly to macOS Ventura 13, iOS 16, or watchOS 9 where the fix is applied. Beyond patching, organizations should enforce strict physical security controls to prevent unauthorized access to devices, including secure storage, device tracking, and policies for reporting lost or stolen devices. Additionally, disabling Siri access from the lock screen or restricting Siri’s ability to access call history without authentication can reduce exposure. Implementing full-disk encryption and strong device passcodes will further protect data confidentiality if physical access is gained. Regular security awareness training should emphasize the risks of physical device access and encourage users to report suspicious activity. For high-risk roles, consider using mobile device management (MDM) solutions to enforce security configurations and monitor device compliance.
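One way to turn the patch-level and lock-screen recommendations above into a fleet check, as an added example that is not part of the original advisory or of any Apple or MDM tooling. The inventory field names and the sample records are assumptions constructed for illustration; the fixed versions are the ones the advisory names.

```python
# Added example: audit an inventory export against the fixed releases named in the advisory.
# Field names (platform, os_version, siri_on_lock_screen) are assumed, not a real MDM schema.
FIXED_IN = {"ios": (16,), "macos": (13,), "watchos": (9,)}

def parse_version(text):
    """Turn '15.6.1' into (15, 6, 1); return None if it is not a dotted number."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except (AttributeError, ValueError):
        return None

def audit(device):
    """Return the findings for one inventory record (empty list = nothing to do)."""
    platform = str(device.get("platform", "")).lower()
    fixed = FIXED_IN.get(platform)
    if fixed is None:
        return []  # platform not covered by this advisory
    findings = []
    version = parse_version(device.get("os_version"))
    if version is None:
        findings.append("unknown OS version, verify manually")
    elif version < fixed:
        findings.append("OS older than fixed release %s" % ".".join(map(str, fixed)))
    # Hardening beyond patching; a missing value counts as exposed so export gaps surface.
    if device.get("siri_on_lock_screen", True):
        findings.append("Siri reachable from lock screen")
    return findings

def audit_fleet(inventory):
    """Map device name -> findings, listing only devices that need attention."""
    report = {}
    for device in inventory:
        findings = audit(device)
        if findings:
            report[device.get("name", "<unnamed>")] = findings
    return report

# Constructed sample inventory, not real devices.
SAMPLE = [
    {"name": "exec-iphone", "platform": "iOS", "os_version": "15.6.1", "siri_on_lock_screen": True},
    {"name": "lab-mac", "platform": "macOS", "os_version": "13.0", "siri_on_lock_screen": False},
    {"name": "ops-watch", "platform": "watchOS", "os_version": "9.0"},
    {"name": "spare-iphone", "platform": "iOS", "os_version": "n/a", "siri_on_lock_screen": False},
]

if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```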
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Norway, Finland, Denmark, Ireland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: apple
- Date Reserved: 2022-06-09T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981cc4522896dcbdab37
Added to database: 5/21/2025, 9:08:44 AM
Last enriched: 7/5/2025, 7:27:28 PM
Last updated: 8/2/2025, 1:22:29 PM