CVE-2022-46691

HIGH EXPLOITED

Safari < 16.2 - Out-of-bounds Write via Malicious Web Content

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-46691 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

References (13)

Core 13
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213530
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213531
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213532
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213535
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213536
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213537
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/20
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/21
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/23
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/26
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/28
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/27

Scores

CVSS v3 8.8
EPSS 0.0094
EPSS Percentile 76.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2022-12-13
CWE
CWE-787
Status published
Products (6)
apple/ipados < 15.7.2
apple/iphone_os < 15.7.2
apple/macos < 13.1
apple/safari < 16.2
apple/tvos < 16.2
apple/watchos < 9.2
Published Dec 15, 2022
Tracked Since Feb 18, 2026