CVE-2022-42823
First published: Mon Oct 24 2022(Updated: )
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <13 | 13 | |
| Apple iOS | <16.1 | 16.1 |
| Apple iPadOS | <16 | 16 |
| Apple watchOS | <9.1 | 9.1 |
| Apple tvOS | <16.1 | 16.1 |
| Apple macOS Monterey | <12.6.1 | 12.6.1 |
| Apple Safari | <16.1 | 16.1 |
| Apple Safari | <16.1 | |
| Apple iPadOS | <16.0 | |
| Apple iPhone OS | <16.1 | |
| Apple macOS | <13.0 | |
| Apple tvOS | <16.1 | |
| Apple watchOS | <9.1 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| debian/webkit2gtk | <=2.36.4-1~deb10u1 | 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2 |
| debian/wpewebkit | 2.38.6-1~deb11u1 2.38.6-1 2.42.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://webkitgtk.org/security/WSA-2022-0010.html
- https://security-tracker.debian.org/tracker/CVE-2022-42823
- https://support.apple.com/en-us/HT213491 (Advisory)
- http://www.openwall.com/lists/oss-security/2022/11/04/4
- https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
- https://security.gentoo.org/glsa/202305-32
- https://support.apple.com/en-us/HT213488 (Advisory)
- https://support.apple.com/en-us/HT213489 (Advisory)
- https://support.apple.com/en-us/HT213492 (Advisory)
- https://support.apple.com/en-us/HT213495 (Advisory)
- https://www.debian.org/security/2022/dsa-5273
- https://www.debian.org/security/2022/dsa-5274
- https://support.apple.com/kb/HT213489
- https://support.apple.com/en-us/HT213494 (Advisory)
- https://support.apple.com/kb/HT213495
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-42825
- CVE-2022-32932
- CVE-2022-42798
- CVE-2022-32940
- CVE-2022-42813
- CVE-2022-32947
- CVE-2022-46712
- CVE-2022-32924
- CVE-2022-42808
- CVE-2022-32944
- CVE-2022-42803
- CVE-2022-32926
- CVE-2022-42801
- CVE-2022-42817
- CVE-2022-42811
- CVE-2022-42799
- CVE-2022-42823
- CVE-2022-42824
- CVE-2022-32923
- CVE-2022-37434
- CVE-2022-42800
- CVE-2022-42810
- CVE-2022-32909
- CVE-2022-32929
- CVE-2022-32945
- CVE-2022-32946
- CVE-2022-32935
- CVE-2022-32939
- CVE-2022-42820
- CVE-2022-42806
- CVE-2022-42827
- CVE-2022-46715
- CVE-2022-42828
- CVE-2022-32941
- CVE-2022-42829
- CVE-2022-42830
- CVE-2022-42831
- CVE-2022-42832
- CVE-2022-32938
- CVE-2022-42792
- CVE-2022-42826
- CVE-2022-32922
- CVE-2022-32927
- CVE-2022-42860
- CVE-2022-46723
- CVE-2022-46713
- CVE-2022-28739
- CVE-2022-32862
- CVE-2022-42795
- CVE-2022-48577
- CVE-2022-32858
- CVE-2022-32898
- CVE-2022-32899
- CVE-2022-46721
- CVE-2022-47915
- CVE-2022-47965
- CVE-2022-32889
- CVE-2022-32907
- CVE-2022-32827
- CVE-2022-32877
- CVE-2022-42789
- CVE-2022-46722
- CVE-2022-32902
- CVE-2022-32904
- CVE-2022-32890
- CVE-2022-42796
- CVE-2022-42816
- CVE-2022-42821
- CVE-2022-42819
- CVE-2022-26730
- CVE-2022-42838
- CVE-2022-48683
- CVE-2022-22663
- CVE-2022-32867
- CVE-2022-32205
- CVE-2022-32206
- CVE-2022-32207
- CVE-2022-32208
- CVE-2022-42814
- CVE-2022-32865
- CVE-2022-32915
- CVE-2022-32928
- CVE-2022-22643
- CVE-2022-42788
- CVE-2022-48504
- CVE-2022-32905
- CVE-2022-42833
- CVE-2022-42809
- CVE-2022-3437
- CVE-2022-32849
- CVE-2022-32913
- CVE-2022-32809
- CVE-2022-1622
- CVE-2022-32936
- CVE-2022-32864
- CVE-2022-32866
- CVE-2022-32911
- CVE-2022-32914
- CVE-2022-42815
- CVE-2022-42834
- CVE-2022-46707
- CVE-2022-32883
- CVE-2022-32908
- CVE-2021-39537
- CVE-2022-29458
- CVE-2022-42818
- CVE-2022-32879
- CVE-2022-32895
- CVE-2022-42807
- CVE-2022-32918
- CVE-2022-32881
- CVE-2022-32931
- CVE-2022-42793
- CVE-2022-32876
- CVE-2022-42790
- CVE-2022-32870
- CVE-2022-32934
- CVE-2022-42791
- CVE-2021-36690
- CVE-2022-48505
- CVE-2022-26699
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
- CVE-2022-0351
- CVE-2022-0359
- CVE-2022-0361
- CVE-2022-0368
- CVE-2022-0392
- CVE-2022-0554
- CVE-2022-0572
- CVE-2022-0629
- CVE-2022-0685
- CVE-2022-0696
- CVE-2022-0714
- CVE-2022-0729
- CVE-2022-0943
- CVE-2022-1381
- CVE-2022-1420
- CVE-2022-1725
- CVE-2022-1616
- CVE-2022-1619
- CVE-2022-1620
- CVE-2022-1621
- CVE-2022-1629
- CVE-2022-1674
- CVE-2022-1733
- CVE-2022-1735
- CVE-2022-1769
- CVE-2022-1927
- CVE-2022-1942
- CVE-2022-1968
- CVE-2022-1851
- CVE-2022-1897
- CVE-2022-1898
- CVE-2022-1720
- CVE-2022-2000
- CVE-2022-2042
- CVE-2022-2124
- CVE-2022-2125
- CVE-2022-2126
- CVE-2022-32875
- CVE-2022-32886
- CVE-2022-32888
- CVE-2022-32912
- CVE-2022-32892
- CVE-2022-32833
- CVE-2022-46709
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2022-42823.
What software is affected by this vulnerability?
The vulnerability affects Apple macOS Monterey up to version 12.6.1, Apple iOS up to version 16.1, Apple iPadOS up to version 16, Apple watchOS up to version 9.1, Apple Safari up to version 16.1, Apple tvOS up to version 16.1, and Apple macOS Ventura up to version 13.
What is the impact of this vulnerability?
The impact of this vulnerability is a type confusion issue that could lead to arbitrary code execution.
How can I fix this vulnerability?
To fix this vulnerability, update your software to the latest version available, as specified in the Apple security advisory.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the Apple security advisory linked in the references section.
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- source/Apple
- agent/software-canonical-lookup
- agent/event
- agent/description
- agent/last-modified-date
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/apple
- canonical/apple watchos
- canonical/apple safari
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- canonical/apple tvos
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- canonical/apple ios
- canonical/apple macos monterey
- canonical/apple macos ventura