CVE-2022-22587
published 2022-03-18

Priority: P1 · 85 · critical
CVSS 3.1: 9.8 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H)
KEV: CISA Known Exploited Vulnerability, due 2022-02-11
ITW: Exploited in the wild
EPSS: 11.64% (95.5th percentile)
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Affected

10 ranges
Vendor | Product | Version range | Fixed in
apple | ios_15.3_and_ipados | |
apple | ios_and_ipados | >= unspecified < 15.3 | 15.3
apple | ipados | < 15.3 | 15.3
apple | iphone_os | < 15.3 | 15.3
apple | macos | < 11.6.3 | 11.6.3
apple | macos | >= 12.0 < 12.2 | 12.2
apple | macos | >= unspecified < 12.2 | 12.2
apple | macos | >= unspecified < 11.6 | 11.6
apple | macos_big_sur | |
apple | macos_monterey | |

Detection & IOCs (extracted from sources)

  • Vulnerable component is IOMobileFrameBuffer — monitor for malicious applications interacting with this kernel extension on iOS/iPadOS and macOS
  • CVE-2022-22587 was actively exploited in the wild as a zero-day; treat any unpatched iOS/iPadOS 15.x or macOS (Big Sur <11.6.3, Monterey <12.2) device as high-risk and prioritise detection of privilege-escalation to kernel from user-space applications
  • The vulnerability is a memory corruption flaw triggered via malformed input to IOMobileFrameBuffer; detection should focus on unexpected kernel-privilege execution originating from sandboxed or third-party applications
  • Affected products span multiple Apple OS families; ensure patch-level checks cover all three: iOS/iPadOS 15.3, macOS Big Sur 11.6.3, and macOS Monterey 12.2

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck | 9.8 | CRITICAL
cisa | 9.8 | CRITICAL