CVE-2022-42848
published 2022-12-15CVE-2022-42848: A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able…
PriorityP278high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.29%
20.3th percentile
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | — | — |
| apple | ios_16.2_and_ipados | — | — |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | ipados | >= 16.0 < 16.2 | 16.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | iphone_os | >= 16.0 < 16.2 | 16.2 |
| apple | tvos | < 16.2 | 16.2 |
| apple | tvos | >= unspecified < 16.2 | 16.2 |
| apple | tvos | >= unspecified < 15.7 | 15.7 |
| apple | tvos16.2 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerable component is AVEVideoEncoder (Apple Video Encoder kernel extension); monitor for suspicious apps interacting with AVEVideoEncoder to achieve kernel-level code execution ↗
- →Scope of affected platforms: iOS/iPadOS (<=16.1, <=15.7.1) and tvOS (<=16.1); triage devices not yet patched to these versions as at-risk for kernel privilege escalation via AVEVideoEncoder ↗
- ·The vulnerability is a logic issue in AVEVideoEncoder; exploitation requires a malicious app to be present on the device — attack surface is limited to app execution context, not remote/network-based ↗
- ·Two separate iOS/iPadOS patch branches exist (16.2 and 15.7.2); detection/patching must account for both branches, as devices on the iOS 15 branch remain vulnerable until 15.7.2 is applied ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2022-42848: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42848 [HIGH] CVE-2022-42848: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-42848
Component: AVEVideoEncoder
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
Apple
CVE-2022-42848: iOS 15.7.2 and iPadOS 15.7.2
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42848 [HIGH] CVE-2022-42848: iOS 15.7.2 and iPadOS 15.7.2
Apple Security Update: About the security content of iOS 15.7.2 and iPadOS 15.7.2
Product: iOS 15.7.2 and iPadOS
Version: 15.7.2
CVE: CVE-2022-42848
Component: AVEVideoEncoder
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
Apple
CVE-2022-42848: tvOS16.2
vendor_apple·2022-12-13·CVSS 7.8
CVE-2022-42848 [HIGH] CVE-2022-42848: tvOS16.2
Apple Security Update: About the security content of tvOS16.2
Product: tvOS16.2
CVE: CVE-2022-42848
Component: AVEVideoEncoder
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
GHSA
GHSA-mv7w-74c6-4w37: A logic issue was addressed with improved checks
ghsa_unreviewed·2022-12-15
CVE-2022-42848 [HIGH] CWE-693 GHSA-mv7w-74c6-4w37: A logic issue was addressed with improved checks
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
VulnCheck
iOS and iPadOS, and tvOS Kernel Privilege App Code Execution Vulnerability
vulncheck·2022·CVSS 7.8
CVE-2022-42848 [HIGH] iOS and iPadOS, and tvOS Kernel Privilege App Code Execution Vulnerability
iOS and iPadOS, and tvOS Kernel Privilege App Code Execution Vulnerability
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/kb/HT213531
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2022/Dec/20http://seclists.org/fulldisclosure/2022/Dec/21http://seclists.org/fulldisclosure/2022/Dec/26https://support.apple.com/en-us/HT213530https://support.apple.com/en-us/HT213531https://support.apple.com/en-us/HT213535http://seclists.org/fulldisclosure/2022/Dec/20http://seclists.org/fulldisclosure/2022/Dec/21http://seclists.org/fulldisclosure/2022/Dec/26https://support.apple.com/en-us/HT213530https://support.apple.com/en-us/HT213531https://support.apple.com/en-us/HT213535
2022-12-15
Published
Exploited in the wild