CVE-2022-42856

HIGH KEV

Apple Safari < 16.2 - Type Confusion

Title source: rule

Description

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

References (13)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/21

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/22

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/23

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/26

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/28

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/12/26/1

[Third Party Advisory] https://security.gentoo.org/glsa/202305-32

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213516

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213531

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213532

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213535

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213537

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42856

Scores

CVSS v3 8.8

EPSS 0.0019

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-12-14

VulnCheck KEV 2022-11-30

InTheWild.io 2022-11-30

ENISA EUVD EUVD-2022-45919

CWE

CWE-843

Status published

Products (5)

apple/ipados < 15.7.2

apple/iphone_os < 15.7.2

apple/macos < 13.1

apple/safari < 16.2

apple/tvos < 16.2

Published Dec 15, 2022

KEV Added Dec 14, 2022

Tracked Since Feb 18, 2026