CVE-2022-42867 — Use After Free in Apple Tvos

CWE-416 — Use After Free14 documents9 sources

Severity

8.8HIGHNVD

EPSS

5.7%

top 9.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Tvos Apple Watchos Apple Ipados +3 more

Timeline

PublishedDec 15

Latest updateJan 9

Description

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5apple/tvosunspecified — 16.2+1

▶NVDapple/tvos< 16.2

▶NVDapple/macos< 13.1

▶NVDapple/ipados< 16.2

▶NVDapple/safari< 16.2

🔴Vulnerability Details

GHSA

GHSA-jhmj-whj3-74pr: A use after free issue was addressed with improved memory management↗2022-12-15

▶

OSV

CVE-2022-42867: A use after free issue was addressed with improved memory management↗2022-12-15

▶

CVEList

CVE-2022-42867: A use after free issue was addressed with improved memory management↗2022-12-15

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2023-01-09

▶

Red Hat

webkitgtk: use-after-free issue leading to arbitrary code execution↗2022-12-15

▶

Apple

CVE-2022-42867: watchOS 9.2↗2022-12-13

▶

Apple

CVE-2022-42867: tvOS16.2↗2022-12-13

▶

Apple

CVE-2022-42867: Safari 16.2↗2022-12-13

▶

🕵️Threat Intelligence

Sentinelone

7 Ways Threat Actors Deliver macOS Malware in the Enterprise↗2023-01-09

▶

Sentinelone

7 Ways Threat Actors Deliver macOS Malware in the Enterprise↗2023-01-09

▶