CVE-2022-22587

CVSS 9.8 CRITICAL | EPSS 11.6% | KEV | CWE-787

In short

A memory corruption flaw in Apple systems allowed malicious apps to run code with the highest system privileges (kernel level), potentially taking complete control of your device. This vulnerability was actively being exploited in the wild.

Technical detail

Out-of-bounds write vulnerability (CWE-787) in Apple's kernel affecting iOS, iPadOS, and macOS through local malicious application execution. Exploitation requires app installation but grants arbitrary kernel code execution, completely compromising system integrity. Fixed through improved input validation in iOS/iPadOS 15.3, macOS Big Sur 11.6.3, and macOS Monterey 12.2.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
