CVE-2022-42855
Published 2022-12-15
CVE-2022-42855: A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS…
Priority P181 · high · 7.1 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.53% (40.5th percentile)
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | — | — |
| apple | ios_16.2_and_ipados | — | — |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | ipados | >= 16.0 < 16.2 | 16.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | iphone_os | >= 16.0 < 16.2 | 16.2 |
| apple | macos | < 12.6.2 | 12.6.2 |
| apple | macos | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| apple | tvos | < 16.2 | 16.2 |
| apple | tvos | >= unspecified < 16.2 | 16.2 |
| apple | tvos | >= unspecified < 13.1 | 13.1 |
| apple | tvos | >= unspecified < 12.6 | 12.6 |
| apple | tvos | >= unspecified < 15.7 | 15.7 |
| apple | tvos16.2 | — | — |
| apple | watchos | — | — |
Detection & IOCs (extracted from sources)
- Vulnerable component is 'Preferences' on Apple platforms; monitor for apps attempting to claim or use arbitrary entitlements beyond their declared entitlement set, which may indicate exploitation of this logic issue.
- The vulnerability is a logic issue in state management within the Preferences component. Detection should focus on anomalous entitlement usage or privilege escalation by apps on affected Apple OS versions (tvOS < 16.2, macOS Monterey < 12.6.2, macOS Ventura < 13.1, iOS/iPadOS < 15.7.2 or < 16.2).
- Affected platforms span multiple Apple OS families; ensure patching coverage across all: tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2, iPadOS 15.7.2, iOS 16.2, iPadOS 16.2, and watchOS 9.2.
- The vulnerable component is 'Preferences'; security tooling or EDR rules scoped only to kernel/network components may miss exploitation of this entitlement-abuse vector.
CVSS provenance
nvd · v3.1 · 7.1 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vulncheck · 7.1 HIGH
Project0
DER Entitlements: The (Brief) Return of the Psychic Paper - Project Zero
project_zero·2023-01-01·CVSS 7.1
CVE-2022-42855 [HIGH] DER Entitlements: The (Brief) Return of the Psychic Paper - Project Zero
Posted by Ivan Fratric, Project Zero
Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monterey 12.6.2. While the vulnerability did not appear to be exploitable on iOS 16 and macOS Ventura, iOS 16.2 and macOS Ventura 13.1 nevertheless shipped hardening changes related to it.
Last year, I spent a lot of time researching the security of applications built on top of XMPP, an instant messaging protocol based on XML. More specifically, my research focused on how subtle quirks in XML parsing can be used to undermine the security of such applications. (If you are interested in learning more about that research, I did a talk on it at Black Hat USA 2022. The slides and the recording can be found here and here).
At some point, when a part of my
GHSA
GHSA-rg9c-336x-3rq5: A logic issue was addressed with improved state management
ghsa_unreviewed·2022-12-15
CVE-2022-42855 [HIGH] CWE-269 GHSA-rg9c-336x-3rq5: A logic issue was addressed with improved state management
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
VulnCheck
tvOS, macOS Monterey, macOS Ventura, iOS and iPadOS App Arbitrary Entitlements Vulnerability
vulncheck·2022·CVSS 7.1
CVE-2022-42855 [HIGH] tvOS, macOS Monterey, macOS Ventura, iOS and iPadOS App Arbitrary Entitlements Vulnerability
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/kb/HT213531
Apple
CVE-2022-42855: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 7.1
CVE-2022-42855 [HIGH] CVE-2022-42855: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-42855
Component: Preferences
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
Apple
CVE-2022-42855: macOS Ventura 13.1
vendor_apple·2022-12-13·CVSS 7.1
CVE-2022-42855 [HIGH] CVE-2022-42855: macOS Ventura 13.1
Apple Security Update: About the security content of macOS Ventura 13.1
Product: macOS Ventura
Version: 13.1
CVE: CVE-2022-42855
Component: Preferences
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
Apple
CVE-2022-42855: tvOS 16.2
vendor_apple·2022-12-13·CVSS 7.1
CVE-2022-42855 [HIGH] CVE-2022-42855: tvOS 16.2
Apple Security Update: About the security content of tvOS 16.2
Product: tvOS 16.2
CVE: CVE-2022-42855
Component: Preferences
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
Apple
CVE-2022-42855: watchOS 9.2
vendor_apple·2022-12-13·CVSS 7.1
CVE-2022-42855 [HIGH] CVE-2022-42855: watchOS 9.2
Apple Security Update: About the security content of watchOS 9.2
Product: watchOS
Version: 9.2
CVE: CVE-2022-42855
Component: Preferences
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
Apple
CVE-2022-42855: iOS 15.7.2 and iPadOS 15.7.2
vendor_apple·2022-12-13·CVSS 7.1
CVE-2022-42855 [HIGH] CVE-2022-42855: iOS 15.7.2 and iPadOS 15.7.2
Apple Security Update: About the security content of iOS 15.7.2 and iPadOS 15.7.2
Product: iOS 15.7.2 and iPadOS
Version: 15.7.2
CVE: CVE-2022-42855
Component: Preferences
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
Apple
CVE-2022-42855: macOS Monterey 12.6.2
vendor_apple·2022-12-13·CVSS 7.1
CVE-2022-42855 [HIGH] CVE-2022-42855: macOS Monterey 12.6.2
Apple Security Update: About the security content of macOS Monterey 12.6.2
Product: macOS Monterey
Version: 12.6.2
CVE: CVE-2022-42855
Component: Preferences
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html
- http://seclists.org/fulldisclosure/2022/Dec/20
- http://seclists.org/fulldisclosure/2022/Dec/21
- http://seclists.org/fulldisclosure/2022/Dec/23
- http://seclists.org/fulldisclosure/2022/Dec/24
- http://seclists.org/fulldisclosure/2022/Dec/26
- https://support.apple.com/en-us/HT213530
- https://support.apple.com/en-us/HT213531
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213533
- https://support.apple.com/en-us/HT213535
- https://support.apple.com/kb/HT213536
Published: 2022-12-15
Exploited in the wild