cbcvebase.
CVE-2022-42855
published 2022-12-15

CVE-2022-42855: A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS…

PriorityP181high7.1CVSS 3.1
AVLACLPRNUIRSUCHIHAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.53%
40.5th percentile
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.

Affected

17 ranges
VendorProductVersion rangeFixed in
appleios_15.7.2_and_ipados
appleios_16.2_and_ipados
appleipados< 15.7.215.7.2
appleipados>= 16.0 < 16.216.2
appleiphone_os< 15.7.215.7.2
appleiphone_os>= 16.0 < 16.216.2
applemacos< 12.6.212.6.2
applemacos
applemacos_monterey
applemacos_ventura
appletvos< 16.216.2
appletvos>= unspecified < 16.216.2
appletvos>= unspecified < 13.113.1
appletvos>= unspecified < 12.612.6
appletvos>= unspecified < 15.715.7
appletvos16.2
applewatchos

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerable component is 'Preferences' on Apple platforms; monitor for apps attempting to claim or use arbitrary entitlements beyond their declared entitlement set, which may indicate exploitation of this logic issue.
  • The vulnerability is a logic issue in state management within the Preferences component — detection should focus on anomalous entitlement usage or privilege escalation by apps on affected Apple OS versions (tvOS < 16.2, macOS Monterey < 12.6.2, macOS Ventura < 13.1, iOS/iPadOS < 15.7.2 or < 16.2).
  • ·Affected platforms span multiple Apple OS families; ensure patching coverage across all: tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2, iPadOS 15.7.2, iOS 16.2, iPadOS 16.2, and watchOS 9.2.
  • ·The vulnerable component is 'Preferences' — security tooling or EDR rules scoped only to kernel/network components may miss exploitation of this entitlement-abuse vector.

CVSS provenance

nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vulncheck7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.