CVE-2022-42856

Name of the Vulnerable Software and Affected Versions Safari versions prior to 16.2 tvOS versions prior to 16.2 macOS Ventura versions prior to 13.1 iOS versions prior to 15.7.2 and 16.1.2 iPadOS versions prior to 15.7.2

Description A type confusion issue was addressed with improved state handling. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. The issue is related to the Apple Webkit browser mechanism and allows malicious web content to lead to remote code execution (RCE) on a vulnerable device.

Recommendations For Safari versions prior to 16.2, update to Safari 16.2 or later. For tvOS versions prior to 16.2, update to tvOS 16.2 or later. For macOS Ventura versions prior to 13.1, update to macOS Ventura 13.1 or later. For iOS versions prior to 15.7.2 and 16.1.2, update to iOS 15.7.2, 16.1.2, or later. For iPadOS versions prior to 15.7.2, update to iPadOS 15.7.2 or later. As a temporary workaround, consider restricting access to malicious web content until the issue is resolved.