CVE-2022-22637

HIGH

macOS Monterey <12.3 - CSRF

Title source: llm

Description

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

References (5)

[Vendor Advisory] https://support.apple.com/en-us/HT213182

[Vendor Advisory] https://support.apple.com/en-us/HT213183

[Vendor Advisory] https://support.apple.com/en-us/HT213186

[Vendor Advisory] https://support.apple.com/en-us/HT213187

[Vendor Advisory] https://support.apple.com/en-us/HT213193

Scores

CVSS v3 8.8

EPSS 0.0024

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-346

Status published

Affected Products (6)

apple/safari < 15.4

apple/ipad_os < 15.4

apple/iphone_os < 15.4

apple/macos < 12.3

apple/tvos < 15.4

apple/watchos < 8.5

Timeline

Published Sep 23, 2022

Tracked Since Feb 18, 2026