CVE-2022-42817: Race Condition
First published: Mon Oct 24 2022(Updated: )
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. Visiting a maliciously crafted website may leak sensitive data.
Credit: Mir Masood Ali Illinois at ChicagoPhD student Illinois at ChicagoUniversity Illinois at ChicagoMS student Illinois at ChicagoStony Brook University; Mohammad Ghasemisharif Illinois at ChicagoPhD Candidate Illinois at ChicagoAssociate Professor Illinois at ChicagoStony Brook University; Jason Polakis Illinois at ChicagoMir Masood Ali PhD student MS student Stony Brook University; Mohammad Ghasemisharif PhD Candidate Associate Pr product-security@apple.com Xinru Chi Pangu LabJohn Aakerblom @jaakerblom Tim Michaud @TimGMichaud MoveworksIan Beer Google Project ZeroZweig Kunlun Laban anonymous researcher Xingwei Lin @xwlin_roy Ant Security LightYinyi Wu Ant Security LightIES Red Team ByteDanceJustin Bui @slyd0g SnowflakeCristian Dinca Tudor Vianu National High School of Computer Science ofFrancisco Alonso @revskills Jihwan Kim @gPayl0ad Dohyun Lee @l33d0hyun Dohyun Lee @l33d0hyun SSD LabsAbdulrahman Alqabandi Microsoft Browser Vulnerability ResearchRyan Shin IAAI SecLab at Korea UniversityDohyun Lee @l33d0hyun DNSLab at Korea UniversityYonghwi Jin at Theori @jinmo123 Trend Micro Zero Day InitiativeWonyoung Jung @nonetype_pwn KAIST Hacking LabDr Hideaki Goto Tohoku UniversityJapan Evgeny Legerov Anonymous Trend Micro Zero Day InitiativeABC Research s.r.o. Csaba Fitzl @theevilbit Offensive SecurityJonathan Zhang Open Computing FacilityGuilherme Rambo Best Buddy AppsBistrit Dahal Asahi Lina @LinaAsahi Willy R. Vasquez The University of Texas at AustinPeter Pan ZhenPeng STAR LabsTingting Yin Tsinghua UniversityTommy Muir @Muirey03 Mickey Jin @patch1t Mohamed Ghannam @_simo36
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <16.1 | 16.1 |
| Apple iOS, iPadOS, and watchOS | <16 | 16 |
| Apple iOS, iPadOS, and watchOS | <15.7.1 | 15.7.1 |
| Apple iOS, iPadOS, and watchOS | <15.7.1 | 15.7.1 |
| Apple iOS, iPadOS, and watchOS | <9.1 | 9.1 |
| Apple iOS, iPadOS, and watchOS | <15.7.1 | |
| iStyle @cosme iPhone OS | <15.7.1 | |
| iStyle @cosme iPhone OS | =16.0 | |
| Apple iOS, iPadOS, and watchOS | <9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213489 (Advisory)
- https://support.apple.com/en-us/HT213490 (Advisory)
- https://support.apple.com/en-us/HT213491 (Advisory)
- https://support.apple.com/en-us/102793 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-32932
- CVE-2022-42825
- CVE-2022-32909
- CVE-2022-42798
- CVE-2022-32940
- CVE-2022-32929
- CVE-2022-42813
- CVE-2022-32945
- CVE-2022-32946
- CVE-2022-32935
- CVE-2022-32947
- CVE-2022-32939
- CVE-2022-42820
- CVE-2022-42806
- CVE-2022-46712
- CVE-2022-32944
- CVE-2022-42803
- CVE-2022-32926
- CVE-2022-42801
- CVE-2022-32924
- CVE-2022-42808
- CVE-2022-42827
- CVE-2022-42810
- CVE-2022-46715
- CVE-2022-42828
- CVE-2022-32941
- CVE-2022-42829
- CVE-2022-42830
- CVE-2022-42831
- CVE-2022-42832
- CVE-2022-42817
- CVE-2022-42811
- CVE-2022-32938
- CVE-2022-42792
- CVE-2022-42826
- CVE-2022-42799
- CVE-2022-42823
- CVE-2022-42824
- CVE-2022-32922
- CVE-2022-32923
- CVE-2022-32927
- CVE-2022-37434
- CVE-2022-42800
- CVE-2022-32949
Frequently Asked Questions
What is CVE-2022-42817?
CVE-2022-42817 is a vulnerability in Safari that involves a logic issue and has been addressed with improved state management.
Which software versions are affected by CVE-2022-42817?
CVE-2022-42817 affects Apple iOS versions up to and excluding 16.1, Apple iPadOS versions up to and excluding 16, Apple iOS versions up to and excluding 15.7.1, Apple iPadOS versions up to and excluding 15.7.1, and Apple watchOS versions up to and excluding 9.1.
How can I fix the CVE-2022-42817 vulnerability?
To fix the CVE-2022-42817 vulnerability, update your affected Apple devices to the recommended versions specified by Apple in the provided support links.
- agent/type
- agent/first-publish-date
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/event
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/references
- agent/author
- collector/apple-support
- source/Apple
- alias/CVE-2022-32945
- alias/CVE-2022-32946
- alias/CVE-2022-32935
- alias/CVE-2022-32947
- alias/CVE-2022-32939
- alias/CVE-2022-42820
- alias/CVE-2022-42806
- alias/CVE-2022-46712
- alias/CVE-2022-32944
- alias/CVE-2022-42803
- alias/CVE-2022-32926
- alias/CVE-2022-42801
- alias/CVE-2022-32924
- alias/CVE-2022-42808
- alias/CVE-2022-42827
- alias/CVE-2022-42810
- alias/CVE-2022-46715
- alias/CVE-2022-42828
- alias/CVE-2022-32941
- alias/CVE-2022-42829
- alias/CVE-2022-42830
- alias/CVE-2022-42831
- alias/CVE-2022-42832
- alias/CVE-2022-42817
- alias/CVE-2022-42811
- alias/CVE-2022-32938
- alias/CVE-2022-42792
- alias/CVE-2022-42826
- alias/CVE-2022-42799
- alias/CVE-2022-42823
- alias/CVE-2022-42824
- alias/CVE-2022-32922
- alias/CVE-2022-32923
- alias/CVE-2022-32927
- alias/CVE-2022-37434
- alias/CVE-2022-42800
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2022-32929
- alias/CVE-2022-42813
- alias/CVE-2022-32940
- alias/CVE-2022-32909
- alias/CVE-2022-42798
- alias/CVE-2022-42825
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/apple ios, ipados, and watchos
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/16.0