CVE-2022-22629

Name of the Vulnerable Software and Affected Versions Safari versions prior to 15.4 iTunes versions prior to 12.12.3 for Windows macOS versions prior to Monterey 12.3 watchOS versions prior to 8.5 iOS versions prior to 15.4 iPadOS versions prior to 15.4 tvOS versions prior to 15.4 WebKitGTK and WPE WebKit (affected versions not specified)

Description The issue is related to a buffer overflow in the WebKitGTK and WPE WebKit modules, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. Processing maliciously crafted web content may lead to arbitrary code execution.

Recommendations For Safari versions prior to 15.4, update to Safari 15.4 or later. For iTunes versions prior to 12.12.3 for Windows, update to iTunes 12.12.3 or later. For macOS versions prior to Monterey 12.3, update to macOS Monterey 12.3 or later. For watchOS versions prior to 8.5, update to watchOS 8.5 or later. For iOS versions prior to 15.4, update to iOS 15.4 or later. For iPadOS versions prior to 15.4, update to iPadOS 15.4 or later. For tvOS versions prior to 15.4, update to tvOS 15.4 or later. As a temporary workaround for WebKitGTK and WPE WebKit, consider restricting access to malicious web content until a patch is available.