CVE-2022-46689

A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.

CVSS v3.0 7.0 HIGH

7.0^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213531	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213532	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213530	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213535	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213536	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213533	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213534	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2022/Dec/26	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/27	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/20	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/21	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/23	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/24	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/25	Mailing List Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

Information

Published : 2022-12-15 11:15

Updated : 2023-01-09 08:48

NVD link : CVE-2022-46689

Mitre link : CVE-2022-46689

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

Products Affected

apple

tvos
macos
safari
watchos
iphone_os
ipados

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT213531", "name": "https://support.apple.com/en-us/HT213531", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213532", "name": "https://support.apple.com/en-us/HT213532", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213530", "name": "https://support.apple.com/en-us/HT213530", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213535", "name": "https://support.apple.com/en-us/HT213535", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213536", "name": "https://support.apple.com/en-us/HT213536", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213533", "name": "https://support.apple.com/en-us/HT213533", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213534", "name": "https://support.apple.com/en-us/HT213534", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/26", "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/27", "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/20", "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/21", "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/23", "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/24", "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/25", "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-362"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-46689", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}}, "publishedDate": "2022-12-15T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.2"}, {"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2"}, {"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.7.2"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.7.2"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.1.2", "versionStartIncluding": "16.0"}, {"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2"}, {"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "11.7.2"}, {"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.6.2", "versionStartIncluding": "12.0"}, {"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "13.1", "versionStartIncluding": "13.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-09T16:48Z"}