CVE-2022-42852

MEDIUM EXPLOITED

Safari < 16.2 - Unauthorized Memory Disclosure via Malicious Web Content

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-42852 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.

References (13)

Core 13
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213530
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213531
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213532
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213535
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213536
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213537
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/20
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/21
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/23
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/26
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/28
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/27

Scores

CVSS v3 6.5
EPSS 0.0084
EPSS Percentile 75.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2022-12-13
CWE
CWE-200
Status published
Products (6)
apple/ipados < 15.7.2
apple/iphone_os < 15.7.2
apple/macos 13.0
apple/safari < 16.2
apple/tvos < 16.2
apple/watchos < 9.2
Published Dec 15, 2022
Tracked Since Feb 18, 2026