CVE-2022-42855Improper Privilege Management in Apple Tvos

CWE-269Improper Privilege Management10 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 80.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Apple TvosApple IpadosApple Iphone OS+7 more
Timeline
PublishedDec 15
Latest updateJan 1

Description

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages11 packages

Appleapple/macos_monterey12.6.2
NVDapple/macos< 12.6.2+1
NVDapple/ipados16.016.2+1

🔴Vulnerability Details

3
Project0
DER Entitlements: The (Brief) Return of the Psychic Paper - Project Zero2023-01-01
GHSA
GHSA-rg9c-336x-3rq5: A logic issue was addressed with improved state management2022-12-15
VulnCheck
tvOS, macOS Monterey, macOS Ventura, iOS and iPadOS App Arbitrary Entitlements Vulnerability2022

📋Vendor Advisories

6
Apple
CVE-2022-42855: iOS 16.2 and iPadOS 16.22022-12-13
Apple
CVE-2022-42855: macOS Ventura 13.12022-12-13
Apple
CVE-2022-42855: tvOS16.22022-12-13
Apple
CVE-2022-42855: watchOS 9.22022-12-13
Apple
CVE-2022-42855: iOS 15.7.2 and iPadOS 15.7.22022-12-13