CVE-2022-42861Improper Access Control in Apple Macos

CWE-284Improper Access Control7 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 76.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple MacosApple IpadosApple Iphone OS+4 more
Timeline
PublishedDec 15

Description

This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages8 packages

Appleapple/macos_monterey12.6.2
CVEListV5apple/macosunspecified13.1+3
NVDapple/macos< 12.6.2+1
NVDapple/ipados16.016.2+1

🔴Vulnerability Details

2
GHSA
GHSA-wrh9-jf24-cgwp: This issue was addressed with improved checks2022-12-15
VulnCheck
iOS and iPadOS, macOS Monterey, and macOS Ventura App Sandbox Bypass Vulnerability2022

📋Vendor Advisories

4
Apple
CVE-2022-42861: macOS Monterey 12.6.22022-12-13
Apple
CVE-2022-42861: iOS 16.2 and iPadOS 16.22022-12-13
Apple
CVE-2022-42861: iOS 15.7.2 and iPadOS 15.7.22022-12-13
Apple
CVE-2022-42861: macOS Ventura 13.12022-12-13