⚠ Actively exploited
Added to CISA KEV on 2022-04-04. Federal agencies required to patch by 2022-04-25. Required action: Apply updates per vendor instructions..
CVE-2022-22675 — Out-of-bounds Write in Apple IOS AND Ipados
Severity
7.8HIGHNVD
EPSS
1.1%
top 21.99%
CISA KEV
KEV
Added 2022-04-04
Due 2022-04-25
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
KEV addedApr 4
KEV dueApr 25
PublishedMay 26
Latest updateMay 27
CISA Required Action: Apply updates per vendor instructions.
Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9