⚠ Actively exploited
Added to CISA KEV on 2022-01-28. Federal agencies required to patch by 2022-02-11. Required action: Apply updates per vendor instructions..

CVE-2022-22587Out-of-bounds Write in Apple IOS AND Ipados

CWE-787Out-of-bounds WriteCWE-20Improper Input Validation11 documents7 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 38.55%
CISA KEV
KEV
Added 2022-01-28
Due 2022-02-11
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Apple IOS AND IpadosApple MacosApple Ipados+4 more
Timeline
KEV addedJan 28
KEV dueFeb 11
PublishedMar 18
Latest updateJun 1
CISA Required Action: Apply updates per vendor instructions.

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

CVEListV5apple/macosunspecified12.2+1
NVDapple/macos12.012.2+1
Appleapple/macos_big_sur11.6.3
NVDapple/ipados< 15.3

🔴Vulnerability Details

4
Project0
2022 0-day In-the-Wild Exploitation…so far - Project Zero2022-06-01
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01
GHSA
GHSA-p75p-vc6x-p9wf: A memory corruption issue was addressed with improved input validation2022-03-19
VulnCheck
Apple Memory Corruption Vulnerability2022

📋Vendor Advisories

4
CISA
Apple Memory Corruption Vulnerability2022-01-28
Apple
CVE-2022-22587: iOS 15.3 and iPadOS 15.32022-01-26
Apple
CVE-2022-22587: macOS Monterey 12.22022-01-26
Apple
CVE-2022-22587: macOS Big Sur 11.6.32022-01-26

🕵️Threat Intelligence

2
Sentinelone
10 Assumptions About macOS Security That Put Your Business At Risk2022-02-07
Sentinelone
10 Assumptions About macOS Security That Put Your Business At Risk2022-02-07