CVE-2022-22655
First published: Mon Mar 14 2022(Updated: )
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.
Credit: Csaba Fitzl @theevilbit Offensive SecurityCsaba Fitzl @theevilbit Offensive Security product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.3 | 12.3 |
| Apple iOS | <15.4 | 15.4 |
| Apple iPadOS | <15.4 | 15.4 |
| Apple iPadOS | >=15.0<15.4 | |
| Apple iPhone OS | >=15.0<15.4 | |
| Apple macOS | >=12.0.0<12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213182 (Advisory)
- https://support.apple.com/en-us/HT213183 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-22633
- CVE-2022-22669
- CVE-2022-22665
- CVE-2022-22630
- CVE-2022-22631
- CVE-2022-22625
- CVE-2022-22648
- CVE-2022-22626
- CVE-2022-22627
- CVE-2022-22597
- CVE-2022-22616
- CVE-2022-22663
- CVE-2022-26691
- CVE-2021-22946
- CVE-2021-22947
- CVE-2021-22945
- CVE-2022-22643
- CVE-2022-22657
- CVE-2022-22664
- CVE-2021-30977
- CVE-2022-22611
- CVE-2022-22612
- CVE-2022-46706
- CVE-2022-22661
- CVE-2022-22641
- CVE-2022-22613
- CVE-2022-22614
- CVE-2022-22615
- CVE-2022-22632
- CVE-2022-22638
- CVE-2022-22640
- CVE-2021-30946
- CVE-2021-36976
- CVE-2022-21658
- CVE-2022-22647
- CVE-2022-22656
- CVE-2022-22672
- CVE-2022-22644
- CVE-2022-26690
- CVE-2022-26688
- CVE-2022-22617
- CVE-2022-22609
- CVE-2022-22650
- CVE-2022-22655
- CVE-2022-22600
- CVE-2022-22599
- CVE-2022-22651
- CVE-2022-22639
- CVE-2022-22660
- CVE-2022-22621
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
- CVE-2021-30918
- CVE-2022-22662
- CVE-2022-22610
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22637
- CVE-2022-22668
- CVE-2022-22582
- CVE-2022-22666
- CVE-2022-22634
- CVE-2022-22635
- CVE-2022-22636
- CVE-2022-22652
- CVE-2022-22598
- CVE-2022-22642
- CVE-2022-22667
- CVE-2022-22653
- CVE-2022-22596
- CVE-2022-22622
- CVE-2022-22670
- CVE-2022-22659
- CVE-2022-22618
- CVE-2022-22671
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-22655.
What is the severity of CVE-2022-22655?
The severity of CVE-2022-22655 is medium, with a severity value of 5.5.
What is the description of CVE-2022-22655?
CVE-2022-22655 is an access issue that was addressed with improvements to the sandbox. It can allow an app to leak sensitive user information.
Which software versions are affected by CVE-2022-22655?
CVE-2022-22655 affects macOS Monterey 12.0.0 up to but not including 12.3, iOS 15.0 up to but not including 15.4, and iPadOS 15.0 up to but not including 15.4.
How can I fix CVE-2022-22655?
CVE-2022-22655 is fixed in macOS Monterey 12.3, iOS 15.4, and iPadOS 15.4. Update to these versions to mitigate the vulnerability.
- collector/apple-support
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/references
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/description
- collector/nvd-index
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/apple
- canonical/apple macos monterey
- canonical/apple ios
- canonical/apple ipados
- version/apple ipados/15.0
- canonical/apple iphone os
- version/apple iphone os/15.0
- canonical/apple macos
- version/apple macos/12.0.0