CVE-2022-22675


CVSS 7.8 HIGH | EPSS 12.6% | KEV | CWE-787
In short

A flaw in Apple software allows an app to write data beyond intended memory boundaries, potentially letting it run malicious code with system-level privileges. This is a serious vulnerability that attackers are already exploiting.

Technical detail

Out-of-bounds write vulnerability (CWE-787) in Apple kernel code due to insufficient bounds checking. Local execution vector requiring app installation; successful exploitation grants kernel-level code execution. Fixed across iOS, iPadOS, macOS, tvOS, and watchOS platforms; active exploitation reported in the wild.

Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
