Turning Your Computer Into a GPS Tracker With Apple Maps

This vulnerability was indeed low-hanging fruit. I was using the Console application on macOS to see log messages from the Maps process, and while I was clicking on different restaurants on the map I noticed the following log message:

Maps[13621:4749765] GEOQuickETAResponse: <GEOQuickETAResponse: 0x6000005a9e00> etas: ( “<GEOETAResultByType: 0x600000f27410> { distance = 3951; historic travel time= 1058; “static_travel_time” = 1000;

Apple Maps writes the data above to stderr every time a location is clicked. I also knew about the Maps URL Scheme, which was crucial for this attack. After a few minutes of trial and error, I found that by using the “q” parameter, I could remotely trigger this behaviour while controlling the coordinates the distance value will be calculated from.

Apple assigned CVE-2022-32883 to this vulnerability.


Posted by SH
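A defender-side check for the logging behaviour described in the post, as an added example that is not part of the original post: it scans captured log text for GEOQuickETAResponse messages that carry distance or travel-time values. The function name and the second and third sample lines are constructed for illustration; the first sample line is the one quoted in the post.

```python
import re

# Line 1 is the message quoted in the post; lines 2 and 3 are constructed samples.
SAMPLE_LOG = """\
Maps[13621:4749765] GEOQuickETAResponse: <GEOQuickETAResponse: 0x6000005a9e00> etas: ( “<GEOETAResultByType: 0x600000f27410> { distance = 3951; historic travel time= 1058; “static_travel_time” = 1000;
Maps[13621:4749765] Loaded tile batch in 12 ms
Maps[13621:4749770] GEOQuickETAResponse: <GEOQuickETAResponse: 0x6000005a9f00> etas: ( "<GEOETAResultByType: 0x600000f27500> { distance = 120
"""

# "process[pid:number] message" prefix as it appears in the quoted log line.
HEADER = re.compile(r'^(?P<proc>[^\[\s]+)\[(?P<pid>\d+):\d+\]\s+(?P<msg>.*)$')
# "key = number" pairs; keys may contain spaces or underscores and may be
# wrapped in straight or curly quotes, as in the quoted message.
FIELD = re.compile(r'[“”"]?([A-Za-z][A-Za-z_ ]*?)[“”"]?\s*=\s*(\d+)')
# Field names taken from the message quoted in the post.
SENSITIVE = {"distance", "historic travel time", "static_travel_time"}


def find_location_leaks(log_text):
    """Return one finding per log line that exposes location-derived values."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = HEADER.match(line)
        if not m or "GEOQuickETAResponse" not in m["msg"]:
            continue
        # Truncated lines are still parsed: any complete key/value pair counts.
        fields = {k.strip(): int(v)
                  for k, v in FIELD.findall(m["msg"])
                  if k.strip() in SENSITIVE}
        if fields:
            findings.append({"line": lineno, "process": m["proc"],
                             "pid": int(m["pid"]), "fields": fields})
    return findings


if __name__ == "__main__":
    for f in find_location_leaks(SAMPLE_LOG):
        print(f"line {f['line']}: {f['process']}[{f['pid']}] logged {f['fields']}")
```
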
