PT-2022-3415 · Apple+8 · Ipados+14

Sorrymybad

·

Published

2022-05-16

·

Updated

2023-08-08

·

CVE-2022-26716

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Apple tvOS versions prior to 15.5 Apple iOS versions prior to 15.5 Apple iPadOS versions prior to 15.5 Apple watchOS versions prior to 8.6 Apple macOS Monterey versions prior to 12.4 Apple Safari versions prior to 15.5
Description A memory corruption issue was addressed with improved state management. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to insufficient input validation in WebKitGTK and WPE WebKit modules, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.
Recommendations For Apple tvOS versions prior to 15.5, update to tvOS 15.5 to resolve the issue. For Apple iOS versions prior to 15.5, update to iOS 15.5 to resolve the issue. For Apple iPadOS versions prior to 15.5, update to iPadOS 15.5 to resolve the issue. For Apple watchOS versions prior to 8.6, update to watchOS 8.6 to resolve the issue. For Apple macOS Monterey versions prior to 12.4, update to macOS Monterey 12.4 to resolve the issue. For Apple Safari versions prior to 15.5, update to Safari 15.5 to resolve the issue.

Fix

Memory Corruption

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20

Related Identifiers

ALSA-2022:7704
ALSA-2022:8054
BDU:2022-04191
CESA-2022_7704
CVE-2022-26716
DSA-5154-1
DSA-5155-1
OPENSUSE-SU-2022_2071-1
OPENSUSE-SU-2022_2072-1
RHSA-2022:7704
RHSA-2022:8054
RHSA-2022_7704
RHSA-2022_8054
RHSA-2025:10364
RLSA-2022:7704
RLSA-2022:8054
SUSE-SU-2022:2030-1
SUSE-SU-2022:2071-1
SUSE-SU-2022:2072-1
SUSE-SU-2022:2089-1
USN-5457-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Ios
Ipados
Macos Monterey
Tvos
Watchos