CVE-2022-42864
HIGH EXPLOITED
iPadOS < 15.7.2 - Race Condition Leading to Arbitrary Code Execution
Title source: llm
Exploitation Summary
CVE-2022-42864 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Muirey03.
AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2022-42864, targeting Apple's HIDDriverKit. The code demonstrates the creation of a fake HID device and user client to interact with the HID interface, potentially leading to privilege escalation or arbitrary code execution in the kernel.
Description
A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
Exploits (1)
References (14)
Scores
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H