CVE-2022-22589Improper Input Validation in Apple IOS AND Ipados

CWE-20Improper Input ValidationCWE-1173Improper Use of Validation Framework15 documents8 sources
Severity
6.1MEDIUMNVD
EPSS
0.8%
top 26.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Apple IOS AND IpadosApple MacosApple Tvos+5 more
Timeline
PublishedMar 18
Latest updateMay 16

Description

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages11 packages

CVEListV5apple/tvosunspecified15.3
NVDapple/tvos< 15.3
CVEListV5apple/macosunspecified12.2
NVDapple/macos11.011.6.6+1
NVDapple/ipados< 15.3

🔴Vulnerability Details

3
GHSA
GHSA-4c33-fwgf-qv6r: A validation issue was addressed with improved input sanitization2022-03-19
OSV
CVE-2022-22589: A validation issue was addressed with improved input sanitization2022-03-18
CVEList
CVE-2022-22589: A validation issue was addressed with improved input sanitization2022-03-18

📋Vendor Advisories

11
Apple
CVE-2022-22589: macOS Big Sur 11.6.62022-05-16
Apple
CVE-2022-22589: Security Update 2022-004 Catalina2022-05-16
Apple
CVE-2022-22589: Security Update 2022-003 Catalina2022-03-14
Ubuntu
WebKitGTK vulnerabilities2022-02-28
Red Hat
webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript2022-02-09
CVE-2022-22589 — Improper Input Validation in Apple | cvebase