CVE-2022-42848
published 2022-12-15


Priority: P2
CVSS 3.1: 7.8 (High)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
In the wild: VulnCheck KEV (exploited in the wild)
EPSS: 0.29% (20.3 percentile)
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.

Affected (10 ranges)

Vendor   Product                  Version range             Fixed in
apple    ios_15.7.2_and_ipados
apple    ios_16.2_and_ipados
apple    ipados                   < 15.7.2                  15.7.2
apple    ipados                   >= 16.0 < 16.2            16.2
apple    iphone_os                < 15.7.2                  15.7.2
apple    iphone_os                >= 16.0 < 16.2            16.2
apple    tvos                     < 16.2                    16.2
apple    tvos                     >= unspecified < 16.2     16.2
apple    tvos                     >= unspecified < 15.7     15.7
apple    tvos                     16.2

Detection & IOCs (extracted from sources)

  • Vulnerable component is AVEVideoEncoder (Apple Video Encoder kernel extension); monitor for suspicious apps interacting with AVEVideoEncoder to achieve kernel-level code execution
  • Scope of affected platforms: iOS/iPadOS (<=16.1, <=15.7.1) and tvOS (<=16.1); triage devices not yet patched to these versions as at-risk for kernel privilege escalation via AVEVideoEncoder
  • The vulnerability is a logic issue in AVEVideoEncoder; exploitation requires a malicious app to be present on the device — attack surface is limited to the app execution context, not remote/network-based
  • Two separate iOS/iPadOS patch branches exist (16.2 and 15.7.2); detection/patching must account for both branches, as devices on the iOS 15 branch remain vulnerable until 15.7.2 is applied

CVSS provenance

NVD (CVSS v3.1): 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
VulnCheck: 7.8 HIGH