fkie_cve-2022-42865
Vulnerability from fkie_nvd
Published
2022-12-15 19:15
Modified
2024-11-21 07:25
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences.
References
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Dec/20Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Dec/23Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Dec/26Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Dec/27
product-security@apple.comhttps://support.apple.com/en-us/HT213530Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213532Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213535Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213536Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/kb/HT213534
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Dec/20Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Dec/23Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Dec/26Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Dec/27
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213530Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213532Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213535Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213536Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213534
Impacted products
Vendor Product Version
apple ipados *
apple iphone_os *
apple macos *
apple tvos *
apple watchos *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89495791-675B-413C-A86D-ECBADF4EDC4E",
              "versionEndExcluding": "16.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1B6657-43F5-4F0E-BE5C-5D828DEE066F",
              "versionEndExcluding": "16.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7457023-5C4E-4935-826D-A411B0324092",
              "versionEndExcluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "400AD564-BDEC-4C81-B650-56357BEBF0C7",
              "versionEndExcluding": "16.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9F3F63-6BF8-4DD5-97FD-D9C90A62ECB0",
              "versionEndExcluding": "9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences."
    },
    {
      "lang": "es",
      "value": "Este problema se solucion\u00f3 habilitando el tiempo de ejecuci\u00f3n reforzado. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. Es posible que una aplicaci\u00f3n pueda eludir las preferencias de privacidad."
    }
  ],
  "id": "CVE-2022-42865",
  "lastModified": "2024-11-21T07:25:30.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-15T19:15:25.470",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/20"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/23"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/26"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/27"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213530"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213532"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213535"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213536"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/kb/HT213534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT213534"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.