CVE-2022-42856
HIGH KEVSafari < 16.2 - Remote Code Execution via Type Confusion
Title source: llmExploitation Summary
CVE-2022-42856 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 14, 2022.
Description
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
References (13)
Core 13
Core References
Third Party Advisory
https://security.gentoo.org/glsa/202305-32
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213516
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213531
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213532
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213535
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213537
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42856
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/21
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/23
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/22
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/26
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/28
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/12/26/1
Scores
CVSS v3
8.8
EPSS
0.0015
EPSS Percentile
35.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-12-14
VulnCheck KEV
2022-11-30
InTheWild.io
2022-11-30
ENISA EUVD
EUVD-2022-45919
CWE
CWE-843
Status
published
Products (5)
apple/ipados
< 15.7.2
apple/iphone_os
< 15.7.2
apple/macos
< 13.1
apple/safari
< 16.2
apple/tvos
< 16.2
Published
Dec 15, 2022
KEV Added
Dec 14, 2022
Tracked Since
Feb 18, 2026