CVE-2022-42862Improper Access Control in Apple Macos

CWE-284Improper Access Control4 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple MacosApple IpadosApple Iphone OS+2 more
Timeline
PublishedDec 15

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5apple/macosunspecified13.1+1
NVDapple/macos< 13.1
NVDapple/ipados< 16.2

🔴Vulnerability Details

1
GHSA
GHSA-m5c8-qvmj-6h85: This issue was addressed by removing the vulnerable code2022-12-15

📋Vendor Advisories

2
Apple
CVE-2022-42862: iOS 16.2 and iPadOS 16.22022-12-13
Apple
CVE-2022-42862: macOS Ventura 13.12022-12-13