Description
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213345
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213340
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213342
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213346
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213344
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213343
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
22.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (7)
apple/ipados
< 15.6
apple/iphone_os
< 15.6
apple/mac_os_x
10.15.7 security_update_2020-001 (12 CPE variants)
apple/macos
10.15.7 (2 CPE variants)
apple/macos
< 10.15.7
apple/tvos
< 15.6
apple/watchos
< 8.7
Published
Sep 23, 2022
Tracked Since
Feb 18, 2026