Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/04/4
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-32
Vendor Advisory
https://support.apple.com/en-us/HT213443
Vendor Advisory
https://support.apple.com/en-us/HT213444
Vendor Advisory
https://support.apple.com/en-us/HT213445
Vendor Advisory
https://support.apple.com/en-us/HT213446
Vendor Advisory
https://support.apple.com/en-us/HT213486
Vendor Advisory
https://support.apple.com/en-us/HT213487
Vendor Advisory
https://support.apple.com/en-us/HT213488
Scores
CVSS v3
8.8
EPSS
0.0079
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (5)
apple/ipados
< 15.7
apple/iphone_os
< 15.7
apple/macos
11.0 - 11.7
apple/tvos
< 16.0
apple/watchos
< 9.0
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026