CVE-2022-22620

Description from NVD

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Information Acquisition Date:2022-06-21T14:54Z

CVSS 2.0: 6.8 MEDIUM CVSS 3.x: 8.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:M/Au:N/C:P/I:P/A:P

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://support.apple.com/en-us/HT213092
source:MISC
tags:Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213093
source:MISC
tags:Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213091
source:MISC
tags:Release Notes Vendor Advisory

Description from Forti

About the security content of macOS Monterey 12 2 1

Information Acquisition Date:2022/02/13

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
https://cvetrends.com	62
https://lists.astaro.com/ASGV9-IPS-rules.html#0	45
https://thehackernews.com/2022/02/apple-releases-ios-ipados...	7
https://blog.kaspersky.co.jp/webkit-vulnerability-cve-2022-...	5
https://www.kaspersky.es/blog/webkit-vulnerability-cve-2022...	4
https://latam.kaspersky.com/blog/webkit-vulnerability-cve-2...	4
https://www.bleepingcomputer.com/news/security/apple-patche...	4
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-o...	4
https://kas.pr/5xsz	3
https://go.usa.gov/xtHCF	3
https://twitter.com/USCERT_gov/status/1491907918962335751	3
https://support.apple.com/en-us/HT213093	3
https://www.kaspersky.com/blog/webkit-vulnerability-cve-202...	3
https://www.securityweek.com/apple-says-webkit-zero-day-hit...	3
https://securityboulevard.com/2022/02/apples-zero-day-0-cli...	3
https://www.helpnetsecurity.com/2022/02/11/cve-2022-22620	3
https://googleprojectzero.github.io/0days-in-the-wild//0day...	3

Information from Twitter

User	URL	Info Source	Date
ipssignatures	http://update1.hillstonenet.com/support/IPS_Help/en/HTTP/33...	Source ipssignatures 1586931473814376451	2022/10/31
ipssignatures	https://ipssignatures.appspot.com/?cve=CVE-2022-22620	Source ipssignatures 1586931474468577288	2022/10/31
kwikgo	https://vulcan.io/blog/how-to-fix-the-zero-day-cve-2022-226...	Source kwikgo 1593700042900066305	2022/11/19

List of frequently cited URLs

URL	Num of Times Referred to
cvetrends.com	62
lists.astaro.com	45
thehackernews.com	7
blog.kaspersky.co.jp	5
www.kaspersky.es	4
latam.kaspersky.com	4
www.bleepingcomputer.com	4
googleprojectzero.blogspot.com	4
kas.pr	3
go.usa.gov	3
twitter.com	3
support.apple.com	3
www.kaspersky.com	3
www.securityweek.com	3
securityboulevard.com	3
www.helpnetsecurity.com	3
googleprojectzero.github.io	3

Information from Twitter

User	URL	Info Source
ipssignatures	update1.hillstonenet.com	Show Tweet
ipssignatures	ipssignatures.appspot.com	Show Tweet
kwikgo	vulcan.io	Show Tweet

GitHub Search Results: Up to 10

Name	URL
No Data

GitHub Search Results: Up to 10

Name	URL
No Data

2022/11/19 Score : 1
Added Har-sia Database : 2022/02/11
Last Modified : 2022/11/19
Highest Scored Date : 2022/02/11
Highest Score : 129