CVE-2022-22675: Apple macOS Out-of-Bounds Write Vulnerability
First published: Thu Mar 31 2022(Updated: )
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
Credit: an anonymous researcher an anonymous researcher product-security@apple.com an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.3.1 | 12.3.1 |
| Apple watchOS | <8.6 | 8.6 |
| Apple iPadOS | <15.4.1 | |
| Apple iPhone OS | <15.4.1 | |
| Apple macOS | >=11.0<11.6.6 | |
| Apple macOS | >=12.0.0<12.3.1 | |
| Apple tvOS | <15.5 | |
| Apple watchOS | <8.6 | |
| Apple tvOS | <15.5 | 15.5 |
| Apple iOS | <15.4.1 | 15.4.1 |
| Apple iPadOS | <15.4.1 | 15.4.1 |
| Apple macOS Big Sur | <11.6.6 | 11.6.6 |
| Apple macOS | ||
| <15.4.1 | ||
| <15.4.1 | ||
| >=11.0<11.6.6 | ||
| >=12.0.0<12.3.1 | ||
| <15.5 | ||
| <8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213220 (Advisory)
- https://support.apple.com/en-us/HT213253 (Advisory)
- https://support.apple.com/en-us/HT213219 (Advisory)
- https://support.apple.com/en-us/HT213254 (Advisory)
- https://support.apple.com/en-us/HT213256 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2022-22675
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-22675
- CVE-2022-22674
- CVE-2022-26702
- CVE-2022-26763
- CVE-2022-26711
- CVE-2022-26768
- CVE-2022-26771
- CVE-2022-26714
- CVE-2022-26757
- CVE-2022-26764
- CVE-2022-26765
- CVE-2022-26706
- CVE-2022-26775
- CVE-2022-26708
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-23308
- CVE-2022-26766
- CVE-2022-26726
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26717
- CVE-2022-26716
- CVE-2022-26719
- CVE-2022-26745
- CVE-2022-26724
- CVE-2022-26736
- CVE-2022-26737
- CVE-2022-26738
- CVE-2022-26739
- CVE-2022-26740
- CVE-2022-26701
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-22665
- CVE-2022-22630
- CVE-2022-26751
- CVE-2022-26698
- CVE-2022-26697
- CVE-2022-22663
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-26720
- CVE-2022-26770
- CVE-2022-26756
- CVE-2022-26769
- CVE-2022-26748
- CVE-2021-30946
- CVE-2022-26767
- CVE-2022-32882
- CVE-2022-0778
- CVE-2022-32794
- CVE-2022-26712
- CVE-2022-26746
- CVE-2022-26731
- CVE-2022-26718
- CVE-2022-26723
- CVE-2022-26715
- CVE-2022-26728
- CVE-2022-26755
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-22589
- CVE-2022-26761
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
Frequently Asked Questions
What is CVE-2022-22675?
CVE-2022-22675 is an out-of-bounds write vulnerability in Apple macOS.
How does CVE-2022-22675 affect Apple macOS?
CVE-2022-22675 affects Apple macOS by allowing an attacker to perform an out-of-bounds write.
Is CVE-2022-22675 actively exploited?
Apple is aware of a report that CVE-2022-22675 may have been actively exploited.
How can I fix CVE-2022-22675 on macOS Big Sur?
Update macOS Big Sur to version 11.6.6 to fix CVE-2022-22675.
How can I fix CVE-2022-22675 on macOS Monterey?
Update macOS Monterey to version 12.3.1 to fix CVE-2022-22675.
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/title
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- source/Apple
- agent/software-canonical-lookup
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- vendor/apple
- canonical/apple macos monterey
- canonical/apple watchos
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/11.0
- version/apple macos/12.0.0
- canonical/apple tvos
- canonical/apple ios
- canonical/apple macos big sur