First published: Mon May 16 2022(Updated: )
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
Credit: product-security@apple.com Arsenii Kostromin (0x3c3e) MicrosoftJonathan Bar Or MicrosoftWojciech Reguła @_r3ggi SecuRingZhipeng Huo @R3dF09 Tencent Security Xuanwu LabYuebin Sun @yuebinsun2020 Tencent Security Xuanwu LabMax Shavrick @_mxms the Google Security TeamZubair Ashraf CrowdstrikeCVE-2022-0778 CVE-2022-23308 Paul Walker BuryNathaniel Ekoniak Ennate TechnologiesMickey Jin @patch1t @gorelics an anonymous researcher Linus Henze Pinauten GmbHPeter Nguyễn Vũ Hoàng STAR LabsFelix Poulin-Belanger Gergely Kalman @gergely_kalman Mandiant MandiantJoshua Mason MandiantAntonio Cheong Yu Xuan YCISCQArsenii Kostromin (0x3c3e) Ron Waisberg SecuRingan anonymous researcher SecuRing Perception PointRon Hass @ronhass7 Perception Pointryuzaki Chijin Zhou ShuiMuYuLin LtdTsinghua wingtecher lab Jeonghoon Shin TheoriSorryMybad @S0rryMybad Kunlun LabDongzhuo Zhao ADLab of VenustechScarlet Raine Wang Yu CyberservalCVE-2022-0530 Tavis Ormandy CVE-2021-45444 ABC Research s.r.o CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 Michael DePlante @izobashi Trend Micro Zero Day InitiativeQi Sun Trend MicroRobert Ai Trend MicroYe Zhang @co0py_Cat Baidu SecurityJon Thompson EvolveIA) Yonghwi Jin @jinmo123 Theoriactae0n Blacksun Hackers Club working with Trend Micro Zero Day InitiativeAndrew Williams GoogleAvi Drissman GoogleLiu Long Ant Security LightAntonio Zekic @antoniozekic Jeonghoon Shin Theori working with Trend Micro Zero Day InitiativeJack Dates RET2 Systems Incchenyuwang @mzzzz__ Tencent Security Xuanwu LabJordy Zomer @pwningsystems Peter Nguyễn Vũ Hoàng @peternguyen14 STAR LabsNed Williamson Google Project Zero
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Monterey | <12.4 | 12.4 |
Apple iOS, iPadOS, and watchOS | <15.5 | 15.5 |
Apple iOS, iPadOS, and watchOS | <15.5 | 15.5 |
Apple iOS, iPadOS, and watchOS | <15.5 | |
iStyle @cosme iPhone OS | <15.5 | |
Apple iOS and macOS | >=12.0.0<12.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-22677 is a logic issue in the handling of concurrent media in WebRTC that has been addressed with improved state handling.
CVE-2022-22677 affects macOS Monterey 12.4, iOS 15.5, and iPadOS 15.5.
To fix CVE-2022-22677, update your macOS Monterey to version 12.4, and update your iOS and iPadOS to version 15.5.
You can find more information about CVE-2022-22677 on the Apple support website at the following URLs: (1) https://support.apple.com/en-us/HT213257 (2) https://support.apple.com/en-us/HT213258