PT-2022-6847 · Apple+4 · Watchos+9
Dongzhuo Zhao +1 · Published 2022-07-20 · Updated 2026-05-21 · CVE-2022-48503
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apple iPadOS versions prior to 15.6
Apple tvOS versions prior to 15.6
Apple iOS versions prior to 15.6
Apple watchOS versions prior to 8.7
Apple macOS Monterey versions prior to 12.5
Apple Safari versions prior to 15.6
webkit2gtk (affected versions not specified)
wpewebkit (affected versions not specified)
MosOS (affected versions not specified)
openSUSE (affected versions not specified)
Description
This issue involves a memory buffer overflow in iPadOS, tvOS, Safari, iOS, watchOS, and macOS Monterey. The problem was addressed through improved bounds checks. Processing maliciously crafted web content may lead to arbitrary code execution. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog. A similar issue was found in webkitgtk and wpewebkit where processing maliciously crafted web content may also lead to arbitrary code execution.
Recommendations
Update iPadOS to version 15.6 or later.
Update tvOS to version 15.6 or later.
Update iOS to version 15.6 or later.
Update watchOS to version 8.7 or later.
Update macOS Monterey to version 12.5 or later.
Update Safari to version 15.6 or later.
Upgrade webkit2gtk packages to the latest available version.
Upgrade wpewebkit packages to the latest available version.
No fixed version is currently known for MosOS.
No fixed version is currently known for openSUSE.
Fix
Buffer Overflow
Improper Validation of Array Index
Affected Products
Astra Linux
CentOS
Apple macOS
Red Hat
Safari
SUSE
iOS
iPadOS
tvOS
watchOS