First published: Wed Jul 20 2022(Updated: )
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges
Credit: ABC Research s.r.o. product-security@apple.com Tommy Muir @Muirey03 Natalie Silvanovich Google Project ZeroWojciech Reguła @_r3ggi SecuRingMickey Jin @patch1t Trend MicroCsaba Fitzl @theevilbit Offensive SecurityMohamed Ghannam @_simo36 Mickey Jin @patch1t Mickey Jin @patch1t Baidu SecurityYe Zhang @co0py_Cat Baidu SecurityFerdous Saljooki @malwarezoo Jamf Softwarean anonymous researcher John Aakerblom @jaakerblom Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabAntonio Zekic @antoniozekic Daniel Lim Wee Soong STAR LabsJoshua Mason MandiantJoshua Jones Dohyun Lee @l33d0hyun SSD Secure Disclosure LabsKorea Univ. Ivan Fratric Google Project Zerohjy79425575 Yiğit Can YILMAZ @yilmazcanyigit ABC Research s.r.o Yinyi Wu @3ndy1 Dongzhuo Zhao ADLab of Venustech Cyberpeace Tech CoZhaoHai Cyberpeace Tech CoLtd. Xinru Chi Pangu LabTingting Yin Tsinghua University Ant GroupMin Zheng Ant GroupHexhive (hexhive.epfl.ch) ChinaNCNIPC ChinaCVE-2022-32823 Pan ZhenPeng @Peterpan0927 Kai Lu Zscaler's ThreatLabzSreejith Krishnan R @skr0x1c0 Jeffrey Paul (sneak.berlin) Joshua Mason @jhu.edu) @josh Evgeny Kotkov visualsvn.com Xuxiang Yang @another1024 Tencent Security Xuanwu LabGordon Long Computest Sector 7Thijs Alkemade @xnyhps Computest Sector 7Adam Chester TrustedSecYuebin Sun @yuebinsun2020 Tencent Security Xuanwu LabBinoy Chitale Illinois at ChicagoMS student Illinois at ChicagoStony Brook University Illinois at ChicagoNick Nikiforakis Illinois at ChicagoAssociate Professor Illinois at ChicagoJason Polakis Illinois at ChicagoUniversity Illinois at ChicagoMir Masood Ali Illinois at ChicagoPhD student Illinois at ChicagoChris Kanich Illinois at Chicago Illinois at ChicagoMohammad Ghasemisharif Illinois at ChicagoPhD Candidate Illinois at ChicagoP1umer @p1umer Q1IQ @q1iqF Matthias Keller (m-keller.com) afang @afang5472 xmzyshypnc @xmzyshypnc1 Manfred Paul @_manfp Trend Micro Zero Day InitiativeJan Vojtesek Avast Threat Intelligence teamWang Yu CyberservalJeremy Legendre MacEnhancePan ZhenPeng @Peterpan0927 STAR Labs SG PteMickey Jin @patch1t Offensive SecurityCVE-2022-35252 Linus Henze Pinauten GmbHYonghwi Jin @jinmo123 TheoriJohn Balestrieri TinrocketWeijia Dai @dwj1210 Momo SecurityIan Beer Google Project ZeroFelix Poulin-Belanger pattern-f @pattern_F_ Ant Security LightAdam Doupé ASU SEFCOMApple Adam M. CVE-2022-46716 Jiwon Park Mieszko Wawrzyniak CVE-2022-24836 CVE-2022-29181 KirtiKumar Anandrao Ramchandani Michael (Biscuit) Thomas @real_as3617 Hyeon Park @tree_segment Team ApplePIEMaddie Stone Google Project ZeroChengGang Wu Institute of Computing TechnologyYan Kang Institute of Computing TechnologyYuHao Hu Institute of Computing TechnologyYue Sun Institute of Computing TechnologyJiming Wang Institute of Computing Technology Institute of Computing TechnologyJiKai Ren Institute of Computing TechnologyHang Shu Institute of Computing TechnologyChinese Academy SciencesKirtiKumar Anandrao Ramchandani (kirtikumarar.com) hazbinhotel Trend Micro Zero Day InitiativeSamuel Groß Google V8 SecurityDohyun Lee @l33d0hyun DNSLab at Korea UniversityRyan Shin IAAI SecLab at Korea UniversityClément Lecigne Google's Threat Analysis Group
Affected Software | Affected Version | How to fix |
---|---|---|
macOS | <12.5 | 12.5 |
macOS Ventura | <13.1 | 13.1 |
macOS | <13.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2022-42858 is a memory corruption issue identified in AMD processors.
CVE-2022-42858 can affect Apple macOS Ventura 13.1 if it is running on an AMD processor.
CVE-2022-42858 can affect Apple macOS Monterey 12.5 if it is running on an AMD processor.
The severity of CVE-2022-42858 is not specified.
To mitigate CVE-2022-42858, users should update their operating systems to the latest version provided by Apple.