CVE-2022-42793

Published: Nov 1, 2022Modified: Apr 22, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks.

Affected (4)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.7
Apple Iphone Os	Before 15.7
Apple Macos	From 11.0 to 11.7
Apple Macos	From 12.0 to 12.6

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (10)

https://support.apple.com/en-us/HT213443

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213444

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213445

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213446

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213488

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213443

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213444

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213445

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213446

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213488

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.