Improper Verification of Cryptographic Signature in macOS

#VU68673 Improper Verification of Cryptographic Signature in macOS

Published: 2022-10-25

Vulnerability identifier: #VU68673

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42793

CWE-ID: CWE-347

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect verification of cryptographic signature within the Security component. A remote attacker can trick the victim into running a malicious app that appears to have a valid signature and compromise the affected system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apple macOS Ventura

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16

Multiple vulnerabilities in Apple iOS and iPadOS

Multiple vulnerabilities in Apple macOS Big Sur

Multiple vulnerabilities in Apple macOS Monterey