CVE-2022-42789
MEDIUMmacOS 11.0-11.6 - Unprotected User Data Exposure via Code Signature Validation Issue
Title source: llmDescription
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.
References (3)
Core 3
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213443
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213444
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213488
Scores
CVSS v3
5.5
EPSS
0.0014
EPSS Percentile
33.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
Status
published
Products (1)
apple/macos
11.0 - 11.7
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026