CVE-2022-22629

HIGH

macOS Monterey <12.3 - Buffer Overflow

Title source: llm

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (2)

nomisec WORKING POC

by lck0 · poc

https://github.com/lck0/CVE-2022-22629

View Code ZIP pw:eip

inthewild

poc

https://github.com/parsdefense/cve-2022-22629

View on inthewild

References (6)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213182

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213183

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213186

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213187

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213188

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213193

Scores

CVSS v3 8.8

EPSS 0.2172

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (7)

apple/ipados < 15.4

apple/iphone_os < 15.4

apple/itunes < 12.12.3

apple/macos 12.0.0 - 12.3

apple/safari < 15.4

apple/tvos < 15.4

apple/watchos < 8.5

Published Sep 23, 2022

Tracked Since Feb 18, 2026