CVE-2022-22675
published 2022-05-26


Priority: P1 (84)
CVSS 3.1: 7.8 High (AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H)
CISA KEV: listed, remediation due 2022-04-25
Exploited in the wild: yes
EPSS: 12.64% (95.8th percentile)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Affected

16 ranges

Vendor  Product                Version range            Fixed in
apple   ios_15.4.1_and_ipados  (not given)              (not given)
apple   ios_and_ipados         >= unspecified < 15.4    15.4
apple   ipados                 < 15.4.1                 15.4.1
apple   iphone_os              < 15.4.1                 15.4.1
apple   macos                  >= 11.0 < 11.6.6         11.6.6
apple   macos                  >= 12.0.0 < 12.3.1       12.3.1
apple   macos                  >= unspecified < 12.3    12.3
apple   macos_big_sur          (not given)              (not given)
apple   macos_monterey         (not given)              (not given)
apple   tvos                   < 15.5                   15.5
apple   tvos                   (not given)              (not given)
apple   watchos                < 8.6                    8.6
apple   watchos                (not given)              (not given)
apple   watchos                >= unspecified < 8.6     8.6
apple   watchos                >= unspecified < 15.5    15.5
apple   watchos                >= unspecified < 11.6    11.6

These ranges are merged from several feeds and do not all agree with each other or with the vendor text. The rows that give iOS/iPadOS 15.4 or macOS 12.3 as the fix contradict the advisory's 15.4.1 and 12.3.1, and the watchOS rows bounded by 15.5 and 11.6 carry tvOS and macOS Big Sur numbers rather than watchOS ones. When building a patch check, use the versions stated in the description (iOS/iPadOS 15.4.1, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, tvOS 15.5, watchOS 8.6); macOS branches older than Big Sur are not listed as fixed and should be treated as unknown rather than patched.

Detection & IOCs (extracted from sources)

  • CVE-2022-22675 is an out-of-bounds write in the AppleAVD kernel component, exploitable by a local application to achieve arbitrary code execution with kernel privileges (consistent with the CVSS 3.1 vector AV:L/UI:R); on unpatched Apple devices, monitor for unexpected processes interacting with AppleAVD.
  • The vulnerable component is AppleAVD, a kernel-level media decoder component present across iOS, iPadOS, macOS, tvOS and watchOS. Detection should focus on anomalous kernel-privilege escalation originating from media-processing contexts on the affected platforms.
  • CVE-2022-22675 was confirmed as an in-the-wild zero-day at the time of the patch; treat any unpatched Apple device running iOS/iPadOS < 15.4.1, macOS Big Sur < 11.6.6, macOS Monterey < 12.3.1, watchOS < 8.6 or tvOS < 15.5 as actively at risk.
  • The vulnerability is an out-of-bounds write fixed via improved bounds checking; no public exploit code or specific attack-chain details are available in the provided sources, which limits the ability to craft precise behavioral signatures.
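Because the sources give no behavioral indicators, the one check a fleet owner can actually run today is a version comparison against Apple's stated fixed builds. The script below is an added example, not code from this page or from any of its sources. It classifies a device as patched, vulnerable or unknown using only the fixed versions quoted in the description above, parses sample `sw_vers` output, and triages a constructed inventory list; the hostnames, the inventory rows and the `sw_vers` text are all made up for the example. Two edge cases it handles deliberately: a macOS branch the advisory does not mention (such as 10.15) is reported as unknown rather than patched, and a Big Sur host that reports itself as 10.16 (the SYSTEM_VERSION_COMPAT shim for tools built against older SDKs) is also reported as unknown so it is not silently dropped from scope.

```python
# Added example (not from the page or its sources): classify Apple devices
# against the fixed versions Apple lists for CVE-2022-22675. Hostnames, the
# inventory rows and the sw_vers sample text below are constructed.
import re

# Fixed versions per product and major release branch, taken from the advisory
# text quoted on this page (iOS/iPadOS 15.4.1, Big Sur 11.6.6, Monterey 12.3.1,
# tvOS 15.5, watchOS 8.6). Branches not listed here (e.g. macOS 10.15) were
# not given a fix in that text, so they come back as "unknown", not "patched".
FIXED = {
    "macos":   {11: (11, 6, 6), 12: (12, 3, 1)},
    "ios":     {15: (15, 4, 1)},
    "ipados":  {15: (15, 4, 1)},
    "tvos":    {15: (15, 5)},
    "watchos": {8: (8, 6)},
}


def parse_version(s):
    """'12.3' -> (12, 3). Tuples compare element-wise and a shorter tuple
    sorts before a longer one with the same prefix, so (12, 3) < (12, 3, 1)."""
    s = s.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", s):
        raise ValueError(f"not a dotted version: {s!r}")
    return tuple(int(p) for p in s.split("."))


def status(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one device."""
    v = parse_version(version)
    key = product.lower()
    # macOS 11 reports 10.16 to processes built against pre-Big Sur SDKs
    # (SYSTEM_VERSION_COMPAT); refuse to classify rather than mark it out of scope.
    if key == "macos" and v[:2] == (10, 16):
        return "unknown"
    fixed = FIXED.get(key, {}).get(v[0])
    if fixed is None:
        return "unknown"
    return "patched" if v >= fixed else "vulnerable"


def parse_sw_vers(text):
    """Parse the 'Key:<tab>Value' lines printed by `sw_vers` into a dict."""
    out = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            out[key.strip()] = val.strip()
    return out


def status_from_sw_vers(text):
    info = parse_sw_vers(text)
    return status(info["ProductName"], info["ProductVersion"])


def triage(inventory):
    """inventory: iterable of (hostname, product, version).
    Returns (hosts still vulnerable, hosts that could not be classified)."""
    vulnerable, unknown = [], []
    for host, product, version in inventory:
        s = status(product, version)
        if s == "vulnerable":
            vulnerable.append(host)
        elif s == "unknown":
            unknown.append(host)
    return vulnerable, unknown


if __name__ == "__main__":
    # Constructed `sw_vers` output for a Monterey host one point release short.
    SAMPLE_SW_VERS = "ProductName:\tmacOS\nProductVersion:\t12.3\nBuildVersion:\t21E230\n"
    print(status_from_sw_vers(SAMPLE_SW_VERS))
    # Constructed inventory rows of the kind an MDM export would give you.
    rows = [
        ("mbp-01", "macOS", "11.6.5"),
        ("mbp-02", "macOS", "12.3.1"),
        ("imac-03", "macOS", "10.15.7"),
        ("iphone-04", "iOS", "15.4"),
        ("ipad-05", "iPadOS", "15.4.1"),
        ("atv-06", "tvOS", "15.4.1"),
        ("watch-07", "watchOS", "8.5.1"),
    ]
    print(triage(rows))
```

The tuple comparison is what makes "15.4" count as vulnerable against a 15.4.1 fix without any special casing, and the separate "unknown" bucket is the part worth keeping: a checker that only answers patched/vulnerable will quietly report Catalina hosts and mis-reporting Big Sur hosts as fine.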

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     7.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd        v2.0     9.3    CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck           7.8    HIGH
cisa                7.8    HIGH

The v3.1 vector (local attack vector, user interaction required) is the one that matches the description of a local application reaching kernel code execution; the legacy v2.0 vector scores the issue as network-reachable, which the description does not support, and CVSS v2.0 has no Critical band, so 9.3 would be High under that scale. Use the 7.8 v3.1 score for prioritization, with the KEV listing as the stronger signal.