CVE-2022-22672
First published: Mon Mar 14 2022(Updated: )
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges.
Credit: Siddharth Aeri @b1n4r1b01 Siddharth Aeri @b1n4r1b01 Siddharth Aeri @b1n4r1b01 Siddharth Aeri @b1n4r1b01 product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <15.4 | 15.4 |
| Apple iPadOS | <15.4 | 15.4 |
| Apple macOS Monterey | <12.3 | 12.3 |
| Apple macOS Big Sur | <11.6.5 | 11.6.5 |
| Apple Catalina | ||
| Apple iPadOS | <15.4 | |
| Apple iPhone OS | <15.4 | |
| Apple Mac OS X | >=10.15<10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2020-005 | |
| Apple Mac OS X | =10.15.7-security_update_2020-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-002 | |
| Apple Mac OS X | =10.15.7-security_update_2021-003 | |
| Apple Mac OS X | =10.15.7-security_update_2021-006 | |
| Apple Mac OS X | =10.15.7-security_update_2021-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-008 | |
| Apple Mac OS X | =10.15.7-security_update_2022-001 | |
| Apple Mac OS X | =10.15.7-security_update_2022-002 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | >=11.0<11.6.5 | |
| Apple macOS | >=12.0.0<12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213182 (Advisory)
- https://support.apple.com/en-us/HT213183 (Advisory)
- https://support.apple.com/en-us/HT213184 (Advisory)
- https://support.apple.com/en-us/HT213185 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-22633
- CVE-2022-22669
- CVE-2022-22665
- CVE-2022-22630
- CVE-2022-22631
- CVE-2022-22625
- CVE-2022-22648
- CVE-2022-22626
- CVE-2022-22627
- CVE-2022-22597
- CVE-2022-22616
- CVE-2022-22663
- CVE-2022-26691
- CVE-2021-22946
- CVE-2021-22947
- CVE-2021-22945
- CVE-2022-22643
- CVE-2022-22657
- CVE-2022-22664
- CVE-2021-30977
- CVE-2022-22611
- CVE-2022-22612
- CVE-2022-46706
- CVE-2022-22661
- CVE-2022-22641
- CVE-2022-22613
- CVE-2022-22614
- CVE-2022-22615
- CVE-2022-22632
- CVE-2022-22638
- CVE-2022-22640
- CVE-2021-30946
- CVE-2021-36976
- CVE-2022-21658
- CVE-2022-22647
- CVE-2022-22656
- CVE-2022-22672
- CVE-2022-22644
- CVE-2022-26690
- CVE-2022-26688
- CVE-2022-22617
- CVE-2022-22609
- CVE-2022-22650
- CVE-2022-22655
- CVE-2022-22600
- CVE-2022-22599
- CVE-2022-22651
- CVE-2022-22639
- CVE-2022-22660
- CVE-2022-22621
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
- CVE-2021-30918
- CVE-2022-22662
- CVE-2022-22610
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22637
- CVE-2022-22668
- CVE-2022-22582
- CVE-2022-22589
- CVE-2022-22666
- CVE-2022-22634
- CVE-2022-22635
- CVE-2022-22636
- CVE-2022-22652
- CVE-2022-22598
- CVE-2022-22642
- CVE-2022-22667
- CVE-2022-22653
- CVE-2022-22596
- CVE-2022-22622
- CVE-2022-22670
- CVE-2022-22659
- CVE-2022-22618
- CVE-2022-22671
Frequently Asked Questions
What is CVE-2022-22672?
CVE-2022-22672 is a memory corruption issue in MobileAccessoryUpdater that has been addressed with improved memory handling.
Which Apple products are affected by CVE-2022-22672?
CVE-2022-22672 affects Apple Catalina, macOS Big Sur (up to version 11.6.5), iOS (up to version 15.4), iPadOS (up to version 15.4), and macOS Monterey (up to version 12.3).
How serious is CVE-2022-22672?
CVE-2022-22672 is a memory corruption vulnerability, which could potentially be exploited to execute arbitrary code or cause a crash.
How can I fix CVE-2022-22672?
To fix CVE-2022-22672, update your affected Apple device to the recommended software version provided by Apple.
Where can I find more information about CVE-2022-22672?
You can find more information about CVE-2022-22672 on the Apple support website.
- collector/apple-support
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/software-canonical-lookup-request
- agent/tags
- agent/event
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple macos monterey
- canonical/apple catalina
- canonical/apple macos big sur
- canonical/apple ios
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.15
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2020-005
- version/apple mac os x/10.15.7-security_update_2020-007
- version/apple mac os x/10.15.7-security_update_2021-001
- version/apple mac os x/10.15.7-security_update_2021-002
- version/apple mac os x/10.15.7-security_update_2021-003
- version/apple mac os x/10.15.7-security_update_2021-006
- version/apple mac os x/10.15.7-security_update_2021-007
- version/apple mac os x/10.15.7-security_update_2021-008
- version/apple mac os x/10.15.7-security_update_2022-001
- version/apple mac os x/10.15.7-security_update_2022-002
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/11.0
- version/apple macos/12.0.0