CVE-2022-22675
Published 2022-05-26
Priority: P1 (84), high · CVSS 3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CISA Known Exploited Vulnerability (KEV), remediation due 2022-04-25
Exploited in the wild (ITW)
EPSS: 12.64% (95.8th percentile)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Affected
Consolidated from the 16 overlapping source ranges; fixed versions are those named in Apple's advisories.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iOS / iPadOS | < 15.4.1 | 15.4.1 |
| apple | macOS Big Sur | >= 11.0 < 11.6.6 | 11.6.6 |
| apple | macOS Monterey | >= 12.0 < 12.3.1 | 12.3.1 |
| apple | tvOS | < 15.5 | 15.5 |
| apple | watchOS | < 8.6 | 8.6 |
Detection & IOCs (extracted from sources)
- CVE-2022-22675 is an out-of-bounds write in AppleAVD, Apple's kernel-level audio/video decoder present across iOS, iPadOS, macOS, tvOS and watchOS. A local application can exploit it to execute arbitrary code with kernel privileges, so detection should focus on anomalous kernel-privilege escalation originating from media-processing contexts on unpatched devices.
- Exposure is not purely local on every build. Project Zero's root-cause analysis notes that on macOS 12.3 / iOS 15.4 the bug is reachable by thumbnailing a media file, while on macOS 12.2.1 / iOS 15.3.1 and earlier it is reachable only from local code. On the 12.3/15.4 builds a delivered media file is therefore a plausible trigger, not just a malicious app.
- The issue was confirmed as an in-the-wild 0-day at patch time. Treat any device running iOS/iPadOS < 15.4.1, macOS Big Sur < 11.6.6, macOS Monterey < 12.3.1, watchOS < 8.6 or tvOS < 15.5 as actively at risk.
- The fix is improved bounds checking in AppleAVD, specifically in AVC_RBSP::parseHRD per Project Zero. Only a partial PoC is public (it triggers patch log output but does not crash), and no working exploit or attack chain is indexed, which limits the ability to craft precise behavioral signatures.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |
The v3.1 vector scores the attack as local with user interaction (AV:L, UI:R) while the legacy v2 vector scores it as network-reachable (AV:N). Project Zero's analysis, which reports the bug reachable by thumbnailing a media file on macOS 12.3 / iOS 15.4, is why both readings exist: the write happens in a local decode, but the triggering file can be delivered remotely.
Apple
CVE-2022-22675: macOS Big Sur 11.6.6
vendor_apple·2022-05-16·CVSS 7.8
CVE-2022-22675 [HIGH] CVE-2022-22675: macOS Big Sur 11.6.6
Apple Security Update: About the security content of macOS Big Sur 11.6.6
Product: macOS Big Sur
Version: 11.6.6
CVE: CVE-2022-22675
Component: AppleAVD
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-22675: watchOS 8.6
vendor_apple·2022-05-16·CVSS 7.8
CVE-2022-22675 [HIGH] CVE-2022-22675: watchOS 8.6
Apple Security Update: About the security content of watchOS 8.6
Product: watchOS
Version: 8.6
CVE: CVE-2022-22675
Component: AppleAVD
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-22675: tvOS 15.5
vendor_apple·2022-05-16·CVSS 7.8
CVE-2022-22675 [HIGH] CVE-2022-22675: tvOS 15.5
Apple Security Update: About the security content of tvOS 15.5
Product: tvOS
Version: 15.5
CVE: CVE-2022-22675
Component: AppleAVD
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CISA
Apple macOS Out-of-Bounds Write Vulnerability
cisa·2022-04-04·CVSS 7.8
CVE-2022-22675 [HIGH] CWE-20 Apple macOS Out-of-Bounds Write Vulnerability
Vulnerability: Apple macOS Out-of-Bounds Write Vulnerability
Affected: Apple macOS
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22675
Remediation Due Date: 2022-04-25
Apple
CVE-2022-22675: iOS 15.4.1 and iPadOS 15.4.1
vendor_apple·2022-03-31·CVSS 7.8
CVE-2022-22675 [HIGH] CVE-2022-22675: iOS 15.4.1 and iPadOS 15.4.1
Apple Security Update: About the security content of iOS 15.4.1 and iPadOS 15.4.1
Product: iOS 15.4.1 and iPadOS
Version: 15.4.1
CVE: CVE-2022-22675
Component: AppleAVD
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-22675: macOS Monterey 12.3.1
vendor_apple·2022-03-31·CVSS 7.8
CVE-2022-22675 [HIGH] CVE-2022-22675: macOS Monterey 12.3.1
Apple Security Update: About the security content of macOS Monterey 12.3.1
Product: macOS Monterey
Version: 12.3.1
CVE: CVE-2022-22675
Component: AppleAVD
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
GHSA
GHSA-xj88-rf28-xgv9: An out-of-bounds write issue was addressed with improved bounds checking
ghsa_unreviewed·2022-05-27
CVE-2022-22675 [HIGH] CWE-787 GHSA-xj88-rf28-xgv9: An out-of-bounds write issue was addressed with improved bounds checking
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
VulnCheck
Apple macOS Out-of-Bounds Write Vulnerability
vulncheck·2022·CVSS 7.8
CVE-2022-22675 [HIGH] CWE-20 Apple macOS Out-of-Bounds Write Vulnerability
Apple macOS Out-of-Bounds Write Vulnerability
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Affected: Apple MacOS X
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/kb/HT213219; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://support.apple.com/kb/HT213253; https://support.apple.com/kb/HT213254; https://support.apple.com/kb/HT213256; https://cisa.gov/news-events/alerts/2022/05/17/apple-releases-security-updates-multiple-products; https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/summary/2
Project Zero
Project Zero RCA: CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD
project_zero·CVSS 7.8
CVE-2022-22675 [HIGH] Project Zero RCA: CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD
# CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD
*Natalie Silvanovich*
## The Basics
**Disclosure or Patch Date:** March 31, 2022
**Product:** Apple iOS, MacOS
**Advisory:**
*iOS:* https://support.apple.com/en-us/HT213219
*Mac:* https://support.apple.com/en-us/HT213220
**Affected Versions:**
*Reachable by thumbnailing media file:* MacOS 12.3 / iOS 15.4
*Reachable from local code only:* MacOS 12.2.1 / iOS 15.3.1 and previous
**First Patched Version:** MacOS 12.3.1 / iOS 15.4.1
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** an anonymous researcher
## The Code
**Proof-of-concept:**
A partial PoC (in the full RCA at the link below) triggers patch log output, but does not crash.
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-2
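The RCA names the overflowing routine, AVC_RBSP::parseHRD, and Apple's advisory says only that bounds checking was improved. The following is an added example and not Apple's AppleAVD code, not the Project Zero PoC, and not a claim about which field Apple's patch validates: it parses the H.264 hrd_parameters() syntax from Rec. ITU-T H.264 Annex E, in which cpb_cnt_minus1 (valid range 0..31) declares how many per-schedule entries follow, and assumes a fixed-size 32-entry table indexed by that count, the simplest way such a parser overflows. The function and constant names (parse_hrd, read_ue, HRD_MAX_CPB, benign_hrd, hostile_hrd) and both bitstreams are constructed for the example.

```c
/* Added example, not Apple's AppleAVD code and not the Project Zero PoC: the H.264
 * hrd_parameters() syntax (Rec. ITU-T H.264 Annex E) parsed with the stream's
 * cpb_cnt_minus1 either trusted as the loop bound or checked before any indexed write. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HRD_MAX_CPB 32u   /* cpb_cnt_minus1 is 0..31 per H.264 E.2.2 */
struct bitreader { const uint8_t *buf; size_t len; size_t pos; };   /* pos in bits */

/* Read n bits MSB-first into *out; -1 when the stream runs out */
static int read_bits(struct bitreader *br, int n, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < n; i++, br->pos++) {
        if (br->pos >= br->len * 8) return -1;
        v = (v << 1) | ((br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u);
    }
    *out = v;
    return 0;
}

/* Exp-Golomb ue(v): N leading zeros, a 1, then N suffix bits; value = 2^N - 1 + suffix */
static int read_ue(struct bitreader *br, uint32_t *out)
{
    uint32_t bit, suffix;
    int zeros = -1;
    do { if (++zeros > 31 || read_bits(br, 1, &bit) < 0) return -1; } while (bit == 0);
    if (read_bits(br, zeros, &suffix) < 0) return -1;
    *out = ((1u << zeros) - 1) + suffix;
    return 0;
}

struct hrd_params {                                /* trailing delay-length fields omitted */
    uint32_t cpb_cnt_minus1, bit_rate_scale, cpb_size_scale;
    uint32_t bit_rate_value_minus1[HRD_MAX_CPB];   /* fixed-size tables indexed by the */
    uint32_t cpb_size_value_minus1[HRD_MAX_CPB];   /* stream-supplied schedule count */
    uint8_t  cbr_flag[HRD_MAX_CPB];
};

/* bounds_check=0 is the vulnerable shape (count trusted); bounds_check=1 rejects an
 * out-of-range count before the first indexed write. Returns 0, -1 truncated, -2 rejected. */
static int parse_hrd(struct bitreader *br, struct hrd_params *h, int bounds_check)
{
    uint32_t f;
    if (read_ue(br, &h->cpb_cnt_minus1) < 0) return -1;
    if (bounds_check && h->cpb_cnt_minus1 >= HRD_MAX_CPB) return -2;
    if (read_bits(br, 4, &h->bit_rate_scale) < 0 || read_bits(br, 4, &h->cpb_size_scale) < 0) return -1;
    for (uint32_t i = 0; i <= h->cpb_cnt_minus1; i++) {   /* unchecked: i >= 32 writes past the tables */
        if (read_ue(br, &h->bit_rate_value_minus1[i]) < 0) return -1;
        if (read_ue(br, &h->cpb_size_value_minus1[i]) < 0) return -1;
        if (read_bits(br, 1, &f) < 0) return -1;
        h->cbr_flag[i] = (uint8_t)f;
    }
    return 0;
}

/* Constructed sample input (not a real capture): cpb_cnt_minus1=1, scales 3 and 5, schedules
 * (6, 2, cbr=1) and (3, 0, cbr=0); MSB-first bits 010 0011 0101 00111 011 1 00100 1 0 packed */
static const uint8_t benign_hrd[] = { 0x46, 0xA7, 0x72, 0x40 };
/* Constructed hostile input: ue(40) = 00000 101001 declares 41 schedules for 32-entry tables;
 * the 0xFF tail decodes as 3-bit (0, 0, cbr=1) schedules, enough for an unchecked loop to
 * write entries 32..40 past the tables. This stream is never parsed unchecked here. */
static const uint8_t hostile_hrd[] = { 0x05, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                                       0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };

static int fixed_status(const uint8_t *s, size_t n)   /* verdict of the checked parser */
{
    struct bitreader br = { s, n, 0 };
    struct hrd_params h;
    memset(&h, 0, sizeof h);
    return parse_hrd(&br, &h, 1);
}

static long declared_schedules(const uint8_t *s, size_t n)   /* cpb_cnt_minus1 + 1, or -1 */
{
    struct bitreader br = { s, n, 0 };
    uint32_t c;
    return read_ue(&br, &c) < 0 ? -1 : (long)c + 1;
}

/* bit_rate_value_minus1[idx] via the unchecked parser, run only after the checked parser
 * accepted the same bytes (so the unchecked loop stays in range); -1 otherwise */
static long decoded_bit_rate(const uint8_t *s, size_t n, uint32_t idx)
{
    struct bitreader br = { s, n, 0 };
    struct hrd_params h;
    memset(&h, 0, sizeof h);
    if (fixed_status(s, n) != 0 || parse_hrd(&br, &h, 0) != 0 || idx > h.cpb_cnt_minus1) return -1;
    return (long)h.bit_rate_value_minus1[idx];
}
int main(void)
{
    printf("benign: %ld schedules, checked parser %d, schedule 0 bit_rate_value_minus1 %ld; hostile: %ld schedules, checked parser %d\n",
           declared_schedules(benign_hrd, sizeof benign_hrd), fixed_status(benign_hrd, sizeof benign_hrd),
           decoded_bit_rate(benign_hrd, sizeof benign_hrd, 0),
           declared_schedules(hostile_hrd, sizeof hostile_hrd), fixed_status(hostile_hrd, sizeof hostile_hrd));
    return 0;
}
```

The check sits before the first indexed write, which is what "improved bounds checking" has to mean for a table indexed by a stream-supplied count: validating after the loop leaves the corruption in place, and silently clamping the index desynchronises the rest of the parse. Note also that the hostile stream only overflows the unchecked loop because it carries enough schedule bits; a short stream with a large count fails with -1 (truncated) before reaching index 32, which is why fuzzers that only mutate the count field can miss this class of bug.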
No detection rules found.
No public exploits indexed.
Sentinelone
22 Cybersecurity Twitter Accounts You Should Follow in 2022
blogs_sentinelone·2022-05-23·CVSS 7.8
[HIGH] 22 Cybersecurity Twitter Accounts You Should Follow in 2022
As we navigate towards the midway-point of 2022, and despite current uncertainty over the company’s ownership, there is no doubt that Twitter remains cybersecurity’s favorite social media sharing platform. Whether you’re looking for the latest news on ransomware attacks and cybercrime, APTs and cyber war, digital forensics and incident response, malware outbreaks or reverse engineering, Twitter has it all and more.
Infosec is all about sharing knowledge, and on Twitter you’ll find our industry’s finest and brightest doing just that. So who should you be following in 2022 to stay up with current events, expand your knowledge and learn about new skills and resources? We’ve hand-picked 22 essential cybersecurity accounts for you to follow in 2022. While some you will find on our lists from p
Checkpoint
23rd May – Threat Intelligence Report
blogs_checkpoint·2022-05-23
CVE-2022-22675 23rd May – Threat Intelligence Report
## 23rd May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd May, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Check Point Research has unveiled a targeted cyber-espionage operation against at least two research institutes in Russia, which are part of the Rostec Corporation, a state-owned defense conglomerate. The sophisticated campaign, which CPR dubbed “Twisted Panda”, has been attributed to Chinese threat actors, with possible connecti
Checkpoint
4th April – Threat Intelligence Report
blogs_checkpoint·2022-04-04
CVE-2022-22965 4th April – Threat Intelligence Report
## 4th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 4th April, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Check Point Research (CPR) revealed a large spike in attacks committed by advanced persistent threat groups (APTs) around the world, using lures utilizing the war between Russia and Ukraine. Most of the attacks started with spear-phishing emails that contained documents with malicious macros dropping malware such as Loki.Rat ba
References
- https://support.apple.com/en-us/HT213219
- https://support.apple.com/en-us/HT213220
- https://support.apple.com/en-us/HT213253
- https://support.apple.com/en-us/HT213254
- https://support.apple.com/en-us/HT213256
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22675
Timeline
- 2022-04-04: Added to CISA KEV
- 2022-05-26: Published
- Exploited in the wild