CVE-2022-48503

CVSS 8.8 HIGH | EPSS 3.1% | KEV | CWE-129

In short

A flaw in how web content is processed allows attackers to execute arbitrary code on affected Apple devices. This happens because the system fails to properly validate memory boundaries when handling certain web content.

Technical detail

Out-of-bounds memory access vulnerability (CWE-129) in web content processing affecting Safari and system components across iOS, iPadOS, macOS, tvOS, and watchOS. Exploitation requires user interaction to process malicious web content; successful exploitation results in arbitrary code execution with the privileges of the affected application. Mitigated through enhanced bounds checking in affected components.

Summary generated and translated by AI from the official description.
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
