cbcvebase.
CVE-2022-42861
published 2022-12-15

Priority: P2 76 | high 8.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:H
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 0.27% (18.5th percentile)

This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | | |
| apple | ios_16.2_and_ipados | | |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | ipados | >= 16.0 < 16.2 | 16.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | iphone_os | >= 16.0 < 16.2 | 16.2 |
| apple | macos | < 12.6.2 | 12.6.2 |
| apple | macos | | |
| apple | macos | >= unspecified < 13.1 | 13.1 |
| apple | macos | >= unspecified < 12.6 | 12.6 |
| apple | macos | >= unspecified < 16.2 | 16.2 |
| apple | macos | >= unspecified < 15.7 | 15.7 |
| apple | macos_monterey | | |
| apple | macos_ventura | | |

Detection & IOCs (extracted from sources)

  • The vulnerability allows sandbox escape ('An app may be able to break out of its sandbox') but no technical exploitation details, PoC code, malicious indicators, or attack-specific artifacts are disclosed in any of the source documents. No actionable IOCs can be extracted.
  • Fixed versions are: iOS 16.2, iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2, and iPadOS 15.7.2. Any device running earlier versions remains vulnerable.

CVSS provenance

nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vulncheck: 8.8 HIGH