CVE-2022-42855
First published: Tue Dec 13 2022(Updated: )
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
Credit: Ivan Fratric Google Project ZeroIvan Fratric Google Project ZeroIvan Fratric Google Project ZeroIvan Fratric Google Project ZeroIvan Fratric Google Project ZeroIvan Fratric Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.2 | 16.2 |
| Apple iPadOS | <16.2 | 16.2 |
| Apple iOS | <15.7.2 | 15.7.2 |
| Apple iPadOS | <15.7.2 | 15.7.2 |
| <13.1 | 13.1 | |
| Apple macOS Monterey | <12.6.2 | 12.6.2 |
| Apple tvOS | <16.2 | 16.2 |
| Apple watchOS | <9.2 | 9.2 |
| Apple iPadOS | <15.7.2 | |
| Apple iPadOS | >=16.0<16.2 | |
| Apple iPhone OS | <15.7.2 | |
| Apple iPhone OS | >=16.0<16.2 | |
| Apple macOS | <12.6.2 | |
| Apple macOS | =13.0 | |
| Apple tvOS | <16.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html
- http://seclists.org/fulldisclosure/2022/Dec/20
- http://seclists.org/fulldisclosure/2022/Dec/21
- http://seclists.org/fulldisclosure/2022/Dec/23
- http://seclists.org/fulldisclosure/2022/Dec/24
- http://seclists.org/fulldisclosure/2022/Dec/26
- https://support.apple.com/en-us/HT213530 (Advisory)
- https://support.apple.com/en-us/HT213531 (Advisory)
- https://support.apple.com/en-us/HT213532 (Advisory)
- https://support.apple.com/en-us/HT213533 (Advisory)
- https://support.apple.com/en-us/HT213535 (Advisory)
- https://support.apple.com/kb/HT213536
- https://support.apple.com/en-us/HT213536 (Advisory)
- https://support.apple.com/kb/HT213532
- https://support.apple.com/kb/HT213535
- https://support.apple.com/kb/HT213530
- https://support.apple.com/kb/HT213533
- https://support.apple.com/kb/HT213531
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-46717
- CVE-2022-42843
- CVE-2022-46694
- CVE-2022-42865
- CVE-2022-42859
- CVE-2022-46693
- CVE-2022-42864
- CVE-2022-46690
- CVE-2022-42837
- CVE-2022-46689
- CVE-2022-42842
- CVE-2022-42845
- CVE-2022-48618
- CVE-2022-40303
- CVE-2022-40304
- CVE-2022-42855
- CVE-2022-46695
- CVE-2022-42849
- CVE-2022-46703
- CVE-2022-42866
- CVE-2022-46705
- CVE-2022-42867
- CVE-2022-46691
- CVE-2022-46692
- CVE-2022-42852
- CVE-2022-46696
- CVE-2022-46700
- CVE-2022-46698
- CVE-2022-46699
- CVE-2022-42863
- CVE-2022-42858
- CVE-2022-42847
- CVE-2022-42854
- CVE-2022-42853
- CVE-2022-35252
- CVE-2022-32942
- CVE-2022-46720
- CVE-2022-46710
- CVE-2022-46697
- CVE-2022-46701
- CVE-2022-42861
- CVE-2022-42839
- CVE-2022-46716
- CVE-2022-46704
- CVE-2022-32943
- CVE-2022-42840
- CVE-2022-42862
- CVE-2022-24836
- CVE-2022-29181
- CVE-2022-46718
- CVE-2022-32919
- CVE-2022-46725
- CVE-2022-42856
- CVE-2022-42841
- CVE-2022-42848
- CVE-2022-42851
- CVE-2022-46702
- CVE-2022-42850
- CVE-2022-42846
- CVE-2022-42844
- CVE-2022-42821
- CVE-2023-23496
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2022-42855.
What is the title of this vulnerability?
The title of this vulnerability is 'Preferences. A logic issue was addressed with improved state management.'
Which software is affected by this vulnerability?
The affected software includes Apple iOS up to version 16.2, Apple iPadOS up to version 16.2, Apple macOS Ventura up to version 13.1, Apple macOS Monterey up to version 12.6.2, Apple iOS up to version 15.7.2, Apple iPadOS up to version 15.7.2, Apple tvOS up to version 16.2, and Apple watchOS up to version 9.2.
How can I fix this vulnerability?
To fix this vulnerability, update your Apple devices to the latest available software version as recommended by Apple.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the following Apple support pages: [Link 1](https://support.apple.com/en-us/HT213530), [Link 2](https://support.apple.com/en-us/HT213532), [Link 3](https://support.apple.com/en-us/HT213531).
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/event
- agent/tags
- agent/description
- vendor/apple
- canonical/apple ipados
- version/apple ipados/16.0
- canonical/apple iphone os
- version/apple iphone os/16.0
- canonical/apple macos
- version/apple macos/13.0
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple macos ventura
- canonical/apple ios
- canonical/apple macos monterey