CVE-2022-22620

HIGH KEV

Apple <15.3 - Use After Free

Title source: llm

Description

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Exploits (3)

nomisec WRITEUP 7 stars

by springsec · client-side

https://github.com/springsec/CVE-2022-22620

View Code ZIP pw:eip

nomisec WRITEUP 2 stars

by kmeps4 · client-side

https://github.com/kmeps4/CVE-2022-22620

View Code ZIP pw:eip

nomisec STUB

by bb33bb · poc

https://github.com/bb33bb/dkjiayu.github.io

View Code ZIP pw:eip

References (5)

[Third Party Advisory] https://security.gentoo.org/glsa/202208-39

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213091

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213092

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213093

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22620

Scores

CVSS v3 8.8

EPSS 0.0402

EPSS Percentile 88.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-02-11

VulnCheck KEV 2022-02-10

InTheWild.io 2022-02-10

ENISA EUVD EUVD-2022-27765

CWE

CWE-416

Status published

Products (4)

apple/ipados < 15.3.1

apple/iphone_os < 15.3.1

apple/macos 12.0.0 - 12.2.1

apple/safari < 15.3

Published Mar 18, 2022

KEV Added Feb 11, 2022

Tracked Since Feb 18, 2026