Details of VAR-202210-1480

ID

VAR-202210-1480

CVE

CVE-2022-42789

TITLE

Apple macOS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1639

DESCRIPTION

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data

Trust: 0.99

sources: NVD: CVE-2022-42789 // VULHUB: VHN-439564

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0

sources: NVD: CVE-2022-42789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-42789
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202210-1639
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-42789
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202210-1639 // NVD: CVE-2022-42789

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-42789

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1639

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1639

PATCH

title:

Apple macOS Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=212664

Trust: 0.6

sources: CNNVD: CNNVD-202210-1639

EXTERNAL IDS

db:	NVD	id:	CVE-2022-42789	Trust: 1.7
db:	AUSCERT	id:	ESB-2022.5300	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-1639	Trust: 0.6
db:	VULHUB	id:	VHN-439564	Trust: 0.1

sources: VULHUB: VHN-439564 // CNNVD: CNNVD-202210-1639 // NVD: CVE-2022-42789

REFERENCES

url:	https://support.apple.com/en-us/ht213488	Trust: 2.3
url:	https://support.apple.com/en-us/ht213443	Trust: 1.7
url:	https://support.apple.com/en-us/ht213444	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-42789/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5300	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702	Trust: 0.6

sources: VULHUB: VHN-439564 // CNNVD: CNNVD-202210-1639 // NVD: CVE-2022-42789

SOURCES

db:	VULHUB	id:	VHN-439564
db:	CNNVD	id:	CNNVD-202210-1639
db:	NVD	id:	CVE-2022-42789

LAST UPDATE DATE

2024-08-14T13:14:55.244000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-439564	date:	2022-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202210-1639	date:	2022-11-03T00:00:00
db:	NVD	id:	CVE-2022-42789	date:	2022-11-02T19:12:50.910

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-439564	date:	2022-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202210-1639	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2022-42789	date:	2022-11-01T20:15:22.433