CVE-2022-42855

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
appleCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
appleipados
𝑥
< 15.7.2
appleipados
16.0 ≤
𝑥
< 16.2
appleiphone_os
𝑥
< 15.7.2
appleiphone_os
16.0 ≤
𝑥
< 16.2
applemacos
𝑥
< 12.6.2
applemacos
13.0
appletvos
𝑥
< 16.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html
http://seclists.org/fulldisclosure/2022/Dec/20
http://seclists.org/fulldisclosure/2022/Dec/21
http://seclists.org/fulldisclosure/2022/Dec/23
http://seclists.org/fulldisclosure/2022/Dec/24
http://seclists.org/fulldisclosure/2022/Dec/26
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213531
https://support.apple.com/en-us/HT213532
https://support.apple.com/en-us/HT213533
https://support.apple.com/en-us/HT213535
https://support.apple.com/kb/HT213536
http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html
http://seclists.org/fulldisclosure/2022/Dec/20
http://seclists.org/fulldisclosure/2022/Dec/21
http://seclists.org/fulldisclosure/2022/Dec/23
http://seclists.org/fulldisclosure/2022/Dec/24
http://seclists.org/fulldisclosure/2022/Dec/26
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213531
https://support.apple.com/en-us/HT213532
https://support.apple.com/en-us/HT213533
https://support.apple.com/en-us/HT213535
https://support.apple.com/kb/HT213536