What is CVE-2022-22620?

CVE-2022-22620 is a remote code execution vulnerability in Apple Webkit that affects iOS, iPadOS, and macOS.

Which software is affected by CVE-2022-22620?

CVE-2022-22620 affects Apple Webkit, iOS, iPadOS, macOS Monterey, and Safari.

What is the severity of CVE-2022-22620?

The severity of CVE-2022-22620 is not mentioned in the provided information.

How can I fix CVE-2022-22620?

To fix CVE-2022-22620, it is recommended to update to the latest version of Apple Webkit, iOS, iPadOS, macOS Monterey, and Safari.

Where can I find more information about CVE-2022-22620?

More information about CVE-2022-22620 can be found in the references provided: [Reference 1](https://support.apple.com/en-us/HT213093), [Reference 2](https://support.apple.com/en-us/HT213092), [Reference 3](https://support.apple.com/en-us/HT213091).

Vulnerability/
CVE-2022-22620

Exploited

high

8.8

CWE

416

10/2/2022

11/2/2022

16/5/2024

CVE-2022-22620: Apple Webkit Remote Code Execution Vulnerability

First published: Thu Feb 10 2022(Updated: )

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Credit: an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com product-security@apple.com

Affected Software	Affected Version	How to fix
Apple Safari	<15.3	15.3
Apple macOS Monterey	<12.2.1	12.2.1
Apple iOS	<15.3.1	15.3.1
Apple iPadOS	<15.3.1	15.3.1
Apple Safari	<15.3
Apple iPadOS	<15.3.1
Apple iPhone OS	<15.3.1
Apple macOS	>=12.0.0<12.2.1
Apple iOS, iPadOS, and macOS

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213091 (Advisory)
https://support.apple.com/en-us/HT213092 (Advisory)
https://support.apple.com/en-us/HT213093 (Advisory)
https://security.gentoo.org/glsa/202208-39

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2022-22620

Frequently Asked Questions

What is CVE-2022-22620?
CVE-2022-22620 is a remote code execution vulnerability in Apple Webkit that affects iOS, iPadOS, and macOS.
Which software is affected by CVE-2022-22620?
CVE-2022-22620 affects Apple Webkit, iOS, iPadOS, macOS Monterey, and Safari.
What is the severity of CVE-2022-22620?
The severity of CVE-2022-22620 is not mentioned in the provided information.
How can I fix CVE-2022-22620?
To fix CVE-2022-22620, it is recommended to update to the latest version of Apple Webkit, iOS, iPadOS, macOS Monterey, and Safari.
Where can I find more information about CVE-2022-22620?
More information about CVE-2022-22620 can be found in the references provided: [Reference 1](https://support.apple.com/en-us/HT213093), [Reference 2](https://support.apple.com/en-us/HT213092), [Reference 3](https://support.apple.com/en-us/HT213091).

collector/apple-support
agent/first-publish-date
agent/last-modified-date
agent/type
agent/event
agent/title
agent/severity
agent/references
agent/author
agent/weakness
agent/software-canonical-lookup-request
collector/nvd-index
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/softwarecombine
agent/description
agent/tags
collector/nvd-api
source/NVD
vendor/apple
canonical/apple safari
canonical/apple macos monterey
canonical/apple ios
canonical/apple ipados
canonical/apple iphone os
canonical/apple macos
version/apple macos/12.0.0
canonical/apple ios, ipados, and macos