VDB
CVE-2022-42837
CVE-2022-42837
PUBLISHED
In Apple macOS existieren mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung, sowie aufgrund fehlender oder mangelhafter Prüfungen. Betroffen sind zahlreiche Komponenten, beispielsweise WebKit und der Kernel von macOS. Ein Angreifer kann dadurch den Nutzer täuschen, Informationen offenlegen, Sicherheitsmechanismen umgehen, seine Privilegien eskalieren und beliebigen Code mit Kernel-Rechten ausführen.
EPSS 5.86% · 90.7th percentile
Risk Scores
EPSS Score
5.86%
90.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Apple iOS <12.5.7 |
Exploit Intelligence
- https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog (certbund)
- https://support.apple.com/en-us/HT213536 (circl)
- https://support.apple.com/kb/HT213535 (circl)
- https://support.apple.com/en-us/HT213532 (circl)
- https://support.apple.com/en-us/HT213530 (circl)
- https://support.apple.com/en-us/HT213531 (circl)
- 20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2 (circl)
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 (circl)
- 20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 (circl)
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2 (circl)
…and 40 more exploits
Timeline
- Dec 13, 2022 VulnCheck KEV Exploitation
- Dec 13, 2022 CVE Published
- Dec 16, 2022 EPSS Score
- Dec 19, 2022 PoC Published
- Dec 21, 2022 EPSS Score
- Jan 27, 2023 EPSS Score
- Mar 10, 2023 EPSS Score
- Apr 5, 2023 PoC Published
- Apr 20, 2023 EPSS Score
- Jul 13, 2023 EPSS Score
- Aug 24, 2023 EPSS Score
- Nov 15, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2313.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2313 advisory
- https://support.apple.com/de-de/HT213532 advisory
- https://support.apple.com/de-de/HT213533 advisory
- https://support.apple.com/de-de/HT213534 advisory
- https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog exploit
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2321.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2321 advisory
- https://support.apple.com/de-de/HT213530 advisory
- https://support.apple.com/de-de/HT213531 advisory
- https://support.apple.com/en-us/HT213597 advisory