CVE-2022-22600 — Double Free in Apple IOS AND Ipados

CWE-415 — Double Free8 documents5 sources

Severity

5.5MEDIUMNVD

CISA7.0

EPSS

1.5%

top 18.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +5 more

Timeline

PublishedMar 18

Latest updateJun 1

Description

The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

▶Appleapple/macos_monterey12.3

▶CVEListV5apple/tvosunspecified — 15.4

▶NVDapple/tvos< 15.4

▶CVEListV5apple/macosunspecified — 12.3

▶NVDapple/macos< 12.3

🔴Vulnerability Details

Project0

An Autopsy on a Zombie In-the-Wild 0-day - Project Zero↗2022-06-01

▶

GHSA

GHSA-6wc2-gxhg-9rx4: The issue was addressed with improved permissions logic↗2022-03-19

▶

📋Vendor Advisories

CISA

Linux Kernel Privilege Escalation Vulnerability↗2022-04-11

▶

Apple

CVE-2022-22600: iOS 15.4 and iPadOS 15.4↗2022-03-14

▶

Apple

CVE-2022-22600: macOS Monterey 12.3↗2022-03-14

▶

Apple

CVE-2022-22600: watchOS 8.5↗2022-03-14

▶

Apple

CVE-2022-22600: tvOS 15.4↗2022-03-14

▶