First published: Mon May 16 2022(Updated: )
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
Credit: cve@mitre.org an anonymous researcher Jordy Zomer @pwningsystems Peter Nguyễn Vũ Hoàng @peternguyen14 STAR LabsNed Williamson Google Project ZeroLinus Henze Pinauten GmbHArsenii Kostromin (0x3c3e) MicrosoftJonathan Bar Or MicrosoftWojciech Reguła @_r3ggi SecuRingZhipeng Huo @R3dF09 Tencent Security Xuanwu LabYuebin Sun @yuebinsun2020 Tencent Security Xuanwu LabMax Shavrick @_mxms the Google Security TeamZubair Ashraf CrowdstrikeCVE-2022-0778 CVE-2022-23308 Paul Walker BuryNathaniel Ekoniak Ennate TechnologiesMickey Jin @patch1t @gorelics Peter Nguyễn Vũ Hoàng STAR LabsFelix Poulin-Belanger Gergely Kalman @gergely_kalman Mandiant MandiantJoshua Mason MandiantAntonio Cheong Yu Xuan YCISCQArsenii Kostromin (0x3c3e) Ron Waisberg SecuRingan anonymous researcher SecuRing Perception PointRon Hass @ronhass7 Perception Pointryuzaki Chijin Zhou ShuiMuYuLin LtdTsinghua wingtecher lab Jeonghoon Shin TheoriSorryMybad @S0rryMybad Kunlun LabDongzhuo Zhao ADLab of VenustechScarlet Raine Wang Yu CyberservalCVE-2022-0530 Tavis Ormandy CVE-2021-45444 Jon Thompson EvolveIA) Yonghwi Jin @jinmo123 Theoriactae0n Blacksun Hackers Club working with Trend Micro Zero Day InitiativeAndrew Williams GoogleAvi Drissman GoogleLiu Long Ant Security LightAntonio Zekic @antoniozekic Jeonghoon Shin Theori working with Trend Micro Zero Day InitiativeJack Dates RET2 Systems Incchenyuwang @mzzzz__ Tencent Security Xuanwu LabCVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 Michael DePlante @izobashi Trend Micro Zero Day InitiativeQi Sun Trend MicroRobert Ai Trend MicroYe Zhang @co0py_Cat Baidu SecurityABC Research s.r.o
Affected Software | Affected Version | How to fix |
---|---|---|
macOS | <12.4 | 12.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-42857 is a vulnerability in System Preferences on macOS Monterey 12.4 that allows for symlink validation bypass.
The severity of CVE-2022-42857 is not provided.
CVE-2022-42857 affects macOS Monterey 12.4 by allowing symlink validation bypass in System Preferences.
To fix CVE-2022-42857, update your macOS Monterey to version 12.4 or later by following the instructions provided by Apple in their support article.
You can find more information about CVE-2022-42857 in the Apple support article at the following link: [https://support.apple.com/en-us/HT213257](https://support.apple.com/en-us/HT213257)