What is CVE-2022-22585?

CVE-2022-22585 is a vulnerability that existed within the path validation logic for symlinks in iCloud which has been addressed with improved path sanitization.

Which software versions are affected by CVE-2022-22585?

CVE-2022-22585 affects Apple iOS up to version 15.3, Apple iPadOS up to version 15.3, Apple tvOS up to version 15.3, Apple macOS Monterey up to version 12.2, Apple macOS Big Sur up to version 11.6.3, and Apple watchOS up to version 8.4.

How can I fix CVE-2022-22585?

To fix CVE-2022-22585, it is recommended to update your affected software to the latest versions provided by Apple.

Where can I find more information about CVE-2022-22585?

You can find more information about CVE-2022-22585 on the official Apple support page with the reference links: [https://support.apple.com/en-us/HT213054](https://support.apple.com/en-us/HT213054), [https://support.apple.com/en-us/HT213053](https://support.apple.com/en-us/HT213053), [https://support.apple.com/en-us/HT213055](https://support.apple.com/en-us/HT213055).

Vulnerability/
CVE-2022-22585

high

7.5

CWE

26/1/2022

18/3/2022

11/5/2023

CVE-2022-22585

First published: Wed Jan 26 2022(Updated: )

iCloud. An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

Credit: Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab product-security@apple.com

Affected Software	Affected Version	How to fix
Apple macOS Big Sur	<11.6.3	11.6.3
Apple watchOS	<8.4	8.4
Apple tvOS	<15.3	15.3
Apple macOS Monterey	<12.2	12.2
Apple iOS	<15.3	15.3
Apple iPadOS	<15.3	15.3
Apple iPadOS	<15.3
Apple iPhone OS	<15.3
Apple macOS	<11.6.3
Apple macOS	>=12.0.0<12.2
Apple tvOS	<15.3
Apple watchOS	<8.4

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213053 (Advisory)
https://support.apple.com/en-us/HT213054 (Advisory)
https://support.apple.com/en-us/HT213055 (Advisory)
https://support.apple.com/en-us/HT213057 (Advisory)
https://support.apple.com/en-us/HT213059 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2022-22585?
CVE-2022-22585 is a vulnerability that existed within the path validation logic for symlinks in iCloud which has been addressed with improved path sanitization.
Which software versions are affected by CVE-2022-22585?
CVE-2022-22585 affects Apple iOS up to version 15.3, Apple iPadOS up to version 15.3, Apple tvOS up to version 15.3, Apple macOS Monterey up to version 12.2, Apple macOS Big Sur up to version 11.6.3, and Apple watchOS up to version 8.4.
How can I fix CVE-2022-22585?
To fix CVE-2022-22585, it is recommended to update your affected software to the latest versions provided by Apple.
Where can I find more information about CVE-2022-22585?
You can find more information about CVE-2022-22585 on the official Apple support page with the reference links: [https://support.apple.com/en-us/HT213054](https://support.apple.com/en-us/HT213054), [https://support.apple.com/en-us/HT213053](https://support.apple.com/en-us/HT213053), [https://support.apple.com/en-us/HT213055](https://support.apple.com/en-us/HT213055).

collector/apple-support
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
vendor/apple
canonical/apple ios
canonical/apple ipados
canonical/apple macos monterey
canonical/apple macos big sur
canonical/apple tvos
canonical/apple watchos
canonical/apple iphone os
canonical/apple macos
version/apple macos/12.0.0