ID

VAR-202210-1485


CVE

CVE-2022-42793


TITLE

Apple macOS Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1643

DESCRIPTION

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks

Trust: 0.99

sources: NVD: CVE-2022-42793 // VULHUB: VHN-439573

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:15.7

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

sources: NVD: CVE-2022-42793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42793
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-1643
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-42793
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1643 // NVD: CVE-2022-42793

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.0

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-439573 // NVD: CVE-2022-42793

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1643

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1643

PATCH

title:Apple macOS Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=212969

Trust: 0.6

sources: CNNVD: CNNVD-202210-1643

EXTERNAL IDS

db:NVDid:CVE-2022-42793

Trust: 1.7

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:CNNVDid:CNNVD-202210-1643

Trust: 0.6

db:VULHUBid:VHN-439573

Trust: 0.1

sources: VULHUB: VHN-439573 // CNNVD: CNNVD-202210-1643 // NVD: CVE-2022-42793

REFERENCES

url:https://support.apple.com/en-us/ht213488

Trust: 2.3

url:https://support.apple.com/en-us/ht213443

Trust: 1.7

url:https://support.apple.com/en-us/ht213444

Trust: 1.7

url:https://support.apple.com/en-us/ht213445

Trust: 1.7

url:https://support.apple.com/en-us/ht213446

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-42793/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702

Trust: 0.6

sources: VULHUB: VHN-439573 // CNNVD: CNNVD-202210-1643 // NVD: CVE-2022-42793

SOURCES

db:VULHUBid:VHN-439573
db:CNNVDid:CNNVD-202210-1643
db:NVDid:CVE-2022-42793

LAST UPDATE DATE

2024-08-14T12:47:09.138000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-439573date:2022-11-03T00:00:00
db:CNNVDid:CNNVD-202210-1643date:2022-11-04T00:00:00
db:NVDid:CVE-2022-42793date:2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:VULHUBid:VHN-439573date:2022-11-01T00:00:00
db:CNNVDid:CNNVD-202210-1643date:2022-10-24T00:00:00
db:NVDid:CVE-2022-42793date:2022-11-01T20:15:22.637