CVE-2022-42848

HIGH EXPLOITED

Apple Ipados < 15.7.2 - Denial of Service

Title source: rule

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.

References (6)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/20

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/21

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/26

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213530

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213531

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213535

Scores

CVSS v3 7.8

EPSS 0.0030

EPSS Percentile 52.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2022-12-13

Classification

CWE

CWE-693

Status published

Affected Products (3)

apple/ipados < 15.7.2

apple/iphone_os < 15.7.2

apple/tvos < 16.2

Timeline

Published Dec 15, 2022

Tracked Since Feb 18, 2026