一、 漏洞 CVE-2022-46689 基础信息
漏洞信息
                                        # N/A

## 概述
修复了一个通过增加验证来解决的竞争条件问题。该问题允许应用以内核权限执行任意代码。

## 影响版本
- tvOS 16.2
- macOS Monterey 12.6.2
- macOS Ventura 13.1
- macOS Big Sur 11.7.2
- iOS 15.7.2 和 iPadOS 15.7.2
- iOS 16.2 和 iPadOS 16.2
- watchOS 9.2

## 细节
修复了一个竞争条件问题,该问题通过增加额外的验证得以解决。

## 影响
一个应用可能能够以内核权限执行任意代码。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Apple iOS 和 macOS 竞争条件问题漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Apple iOS和Apple macOS都是美国苹果(Apple)公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple macOS是一套专为Mac计算机所开发的专用操作系统。 Apple iOS 和 macOS存在竞争条件问题漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
竞争条件问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2022-46689 的公开POC
# POC 描述 源链接 神龙链接
1 Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source. https://github.com/zhuowei/MacDirtyCowDemo POC详情
2 CVE-2022-46689 https://github.com/straight-tamago/NoCameraSound POC详情
3 Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. https://github.com/ginsudev/WDBFontOverwrite POC详情
4 File Manager for CVE-2022-46689 https://github.com/mineek/FileManager POC详情
5 CVE-2022-46689 https://github.com/straight-tamago/NoHomeBar POC详情
6 CVE-2022-46689 https://github.com/straight-tamago/DockTransparent POC详情
7 poc of CVE-2022-46689 written purely in swift https://github.com/staturnzz/sw1tch POC详情
8 CVE-2022-46689 https://github.com/straight-tamago/FileSwitcherX POC详情
9 iOS customization app powered by CVE-2022-46689 https://github.com/BomberFish/Mandela-Legacy POC详情
10 Simple iOS bootlooper using CVE-2022-46689. https://github.com/BomberFish/JailedCement POC详情
11 iOS customization app powered by CVE-2022-46689. No jailbreak required. https://github.com/BomberFish/Mandela-Classic POC详情
12 Example of CVE-2022-46689 aka MacDirtyCow. https://github.com/enty8080/MacDirtyCow POC详情
13 I do some tweaking for iOS from 16.0 to 16.1.2 based on MacDirtyCow (CVE-2022-46689) exploit. https://github.com/tdquang266/MDC POC详情
14 poc of CVE-2022-46689 written purely in swift https://github.com/69camau/sw1tch POC详情
15 CVE-2022-46689 POC https://github.com/ahkecha/McDirty POC详情
16 Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. https://github.com/Code2Crusader/46689 POC详情
17 Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. https://github.com/daviszhto/overwrite POC详情
18 Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. https://github.com/LumberjackStorys/CVE POC详情
19 iOS customization app powered by CVE-2022-46689 https://github.com/bomberfish/Mandela-Legacy POC详情
20 Simple iOS bootlooper using CVE-2022-46689. https://github.com/bomberfish/JailedCement POC详情
21 iOS customization app powered by CVE-2022-46689. No jailbreak required. https://github.com/bomberfish/Mandela-Classic POC详情
三、漏洞 CVE-2022-46689 的情报信息
四、漏洞 CVE-2022-46689 的评论

暂无评论

发表评论