PT-2022-4250 · Apple+9 · Safari+12

Published

2022-08-17

·

Updated

2025-10-23

·

CVE-2022-32893

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 15.6.1 Apple iPadOS versions prior to 15.6.1 Apple macOS versions prior to Monterey 12.5.1 Apple Safari versions prior to 15.6.1
Description The issue is related to insufficient input validation in WebKit modules for displaying web pages in macOS, iOS, and iPadOS. It allows a remote attacker to execute arbitrary code by exploiting an out-of-bounds write issue. Processing maliciously crafted web content may lead to arbitrary code execution. There are reports that this issue may have been actively exploited.
Recommendations For Apple iOS versions prior to 15.6.1, update to iOS 15.6.1 or later. For Apple iPadOS versions prior to 15.6.1, update to iPadOS 15.6.1 or later. For Apple macOS versions prior to Monterey 12.5.1, update to macOS Monterey 12.5.1 or later. For Apple Safari versions prior to 15.6.1, update to Safari 15.6.1 or later.

Fix

Memory Corruption

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20

Related Identifiers

ALSA-2022:6540
ALSA-2022:6634
ALSA-2022_6540
ALSA-2022_6634
ALT-PU-2022-2493
ALT-PU-2022-2494
ALT-PU-2022-2495
BDU:2022-05100
CESA-2022_6540
CVE-2022-32893
DLA-3087-1
DSA-5219-1
DSA-5220-1
ELSA-2022-6540
ELSA-2022-6634
MGASA-2022-0317
OPENSUSE-SU-2022_3137-1
OPENSUSE-SU-2022_3351-1
RHSA-2022:6540
RHSA-2022:6634
RHSA-2022_6540
RHSA-2022_6634
RHSA-2025:10364
RLSA-2022:6540
RLSA-2022:6634
RLSA-2022_6540
RLSA-2022_6634
SUSE-SU-2022:3136-1
SUSE-SU-2022:3137-1
SUSE-SU-2022:3351-1
SUSE-SU-2022:3352-1
SUSE-SU-2022_3136-1
SUSE-SU-2022_3137-1
SUSE-SU-2022_3351-1
SUSE-SU-2022_3352-1
USN-5611-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Ios
Ipados