PT-2022-15542 · Apple · Ipados+6

R3Df09

Published

2022-01-26

Updated

2022-03-28

CVE-2022-22585

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 15.3 iPadOS versions prior to 15.3 watchOS versions prior to 8.4 tvOS versions prior to 15.3 macOS Monterey versions prior to 12.2 macOS Big Sur versions prior to 11.6.3

Description An issue existed within the path validation logic for symlinks, which was addressed with improved path sanitization. This could allow an application to access a user's files.

Recommendations For iOS versions prior to 15.3, update to iOS 15.3 or later. For iPadOS versions prior to 15.3, update to iPadOS 15.3 or later. For watchOS versions prior to 8.4, update to watchOS 8.4 or later. For tvOS versions prior to 15.3, update to tvOS 15.3 or later. For macOS Monterey versions prior to 12.2, update to macOS Monterey 12.2 or later. For macOS Big Sur versions prior to 11.6.3, update to macOS Big Sur 11.6.3 or later.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2022-22585

Affected Products

Apple Macos

Ios

Ipados

Macos Big Sur

Macos Monterey

Tvos

Watchos

PT-2022-15542 · Apple · Ipados+6

CVE-2022-22585

Weakness Enumeration

Related Identifiers

Affected Products

References · 11