CVE-2022-42840
Published 2022-12-15
CVE-2022-42840: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and…
Priority: P1 · 80 · high · CVSS 3.1: 7.8
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 0.37% (29.0th percentile)
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | — | — |
| apple | ios_16.2_and_ipados | — | — |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | ipados | >= 16.0 < 16.2 | 16.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | iphone_os | >= 16.0 < 16.2 | 16.2 |
| apple | macos | — | — |
| apple | macos | >= 11.0 < 11.7.2 | 11.7.2 |
| apple | macos | >= 12.0.0 < 12.6.2 | 12.6.2 |
| apple | macos | >= unspecified < 11.7 | 11.7 |
| apple | macos | >= unspecified < 13.1 | 13.1 |
| apple | macos | >= unspecified < 12.6 | 12.6 |
| apple | macos | >= unspecified < 16.2 | 16.2 |
| apple | macos | >= unspecified < 15.7 | 15.7 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
Detection & IOCs (extracted from sources)
- The NVD description characterizes the impact as kernel code execution ('An app may be able to execute arbitrary code with kernel privileges'), while Apple advisories for macOS describe filesystem modification via PackageKit and photo re-surfacing via Photos. Detections should be scoped per platform and component.
- The Kernel-component variant (iOS 15.7.2/iPadOS 15.7.2) is described as a race condition addressed with additional validation, which may require timing-based exploitation techniques distinct from the logic issue in PackageKit.
- The PackageKit component impact ('An app may be able to modify protected parts of the file system') indicates potential for SIP/filesystem protection bypass on macOS Big Sur and Monterey; detections should monitor PackageKit-related file system writes to protected paths.
- The Photos component variant allows a deleted photo to be re-surfaced without authentication via Shake-to-undo on iOS 16.2/macOS Ventura 13.1; this is a local authentication bypass rather than a code execution primitive.
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck · 7.8 HIGH
Apple
CVE-2022-42840: macOS Big Sur 11.7.2
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42840 [HIGH] CVE-2022-42840: macOS Big Sur 11.7.2
Apple Security Update: About the security content of macOS Big Sur 11.7.2
Product: macOS Big Sur
Version: 11.7.2
CVE: CVE-2022-42840
Component: PackageKit
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
Apple
CVE-2022-42840: macOS Monterey 12.6.2
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42840 [HIGH] CVE-2022-42840: macOS Monterey 12.6.2
Apple Security Update: About the security content of macOS Monterey 12.6.2
Product: macOS Monterey
Version: 12.6.2
CVE: CVE-2022-42840
Component: PackageKit
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
Apple
CVE-2022-42840: iOS 15.7.2 and iPadOS 15.7.2
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42840 [HIGH] CVE-2022-42840: iOS 15.7.2 and iPadOS 15.7.2
Apple Security Update: About the security content of iOS 15.7.2 and iPadOS 15.7.2
Product: iOS 15.7.2 and iPadOS
Version: 15.7.2
CVE: CVE-2022-42840
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with additional validation.
Apple
CVE-2022-42840: macOS Ventura 13.1
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42840 [HIGH] CVE-2022-42840: macOS Ventura 13.1
Apple Security Update: About the security content of macOS Ventura 13.1
Product: macOS Ventura
Version: 13.1
CVE: CVE-2022-42840
Component: Photos
Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication
Description: The issue was addressed with improved bounds checks.
Apple
CVE-2022-42840: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42840 [HIGH] CVE-2022-42840: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-42840
Component: Photos
Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication
Description: The issue was addressed with improved bounds checks.
GHSA
GHSA-cj65-9hr7-j38f: The issue was addressed with improved memory handling
ghsa_unreviewed·2022-12-15
CVE-2022-42840 [HIGH] CWE-787 GHSA-cj65-9hr7-j38f: The issue was addressed with improved memory handling
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
VulnCheck
macOS Monterey, macOS Ventura, macOS Big Sur, iOS and iPadOS Kernel Privilege App Code Execution Vulnerability
vulncheck·2022·CVSS 7.8
CVE-2022-42840 [HIGH] macOS Monterey, macOS Ventura, macOS Big Sur, iOS and iPadOS Kernel Privilege App Code Execution Vulnerability
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/kb/HT213531
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://seclists.org/fulldisclosure/2022/Dec/20
- http://seclists.org/fulldisclosure/2022/Dec/21
- http://seclists.org/fulldisclosure/2022/Dec/23
- http://seclists.org/fulldisclosure/2022/Dec/24
- http://seclists.org/fulldisclosure/2022/Dec/25
- https://support.apple.com/en-us/HT213530
- https://support.apple.com/en-us/HT213531
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213533
- https://support.apple.com/en-us/HT213534
2022-12-15: Published
Exploited in the wild