CVE-2022-22592
Published on: Not Yet Published
Last Modified on: 09/09/2022 08:43:00 PM UTC
Certain versions of Ipados from Apple contain the following vulnerability:
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
- CVE-2022-22592 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Apple - iOS and iPadOS version < 15.3
- Affected Vendor/Software: Apple - macOS version < 12.2
- Affected Vendor/Software: Apple - tvOS version < 15.3
- Affected Vendor/Software: Apple - tvOS version < 15.3
- Affected Vendor/Software: Apple - watchOS version < 8.4
CVSS3 Score: 6.5 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | HIGH | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
WebKitGTK+: Multiple Vulnerabilities (GLSA 202208-39) — Gentoo security | security.gentoo.org text/html | GENTOO GLSA-202208-39 |
About the security content of macOS Monterey 12.2 - Apple Support | support.apple.com text/html | MISC support.apple.com/en-us/HT213054 |
About the security content of iOS 15.3 and iPadOS 15.3 - Apple Support | support.apple.com text/html | MISC support.apple.com/en-us/HT213053 |
About the security content of watchOS 8.4 - Apple Support | support.apple.com text/html | MISC support.apple.com/en-us/HT213059 |
About the security content of tvOS 15.3 - Apple Support | support.apple.com text/html | MISC support.apple.com/en-us/HT213057 |
About the security content of Safari 15.3 - Apple Support | support.apple.com text/html | MISC support.apple.com/en-us/HT213058 |
Related QID Numbers
- 159799 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-1777)
- 179088 Debian Security Update for wpewebkit (DSA 5084-1)
- 179089 Debian Security Update for webkit2gtk (DSA 5083-1)
- 184179 Debian Security Update for webkit2gtkwpewebkit (CVE-2022-22592)
- 198681 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-5306-1)
- 240305 Red Hat Update for webkit2gtk3 security (RHSA-2022:1777)
- 282364 Fedora Security Update for webkit2gtk3 (FEDORA-2022-cbd155f714)
- 282458 Fedora Security Update for webkit2gtk3 (FEDORA-2022-5dd9b908d6)
- 296063 Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)
- 355438 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2088
- 376307 Apple Safari multiple Vulnerabilities (HT213058)
- 376365 Apple Safari Multiple Vulnerabilities (HT213058)
- 376368 Apple MacOS Monterey 12.2 Not Installed (HT213054)
- 502398 Alpine Linux Security Update for webkit2gtk
- 505527 Alpine Linux Security Update for webkit2gtk
- 610395 Apple iOS 15.3 and iPadOS 15.3 Security Update Missing
- 710613 Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202208-39)
- 751784 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0703-1)
- 751790 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0690-1)
- 751794 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0705-1)
- 751823 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0705-1)
- 940505 AlmaLinux Security Update for webkit2gtk3 (ALSA-2022:1777)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Apple | Ipados | All | All | All | All |
Hardware | Apple | Iphone | All | All | All | All |
Operating System | Apple | Macos | All | All | All | All |
Application | Apple | Safari | All | All | All | All |
Operating System | Apple | Tvos | All | All | All | All |
Operating System | Apple | Watchos | All | All | All | All |
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*:
- cpe:2.3:h:apple:iphone:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@OMuliri | @1lastBr3ath I see you sir?? CVE-2022-22592 Kudos on that | 2022-01-27 19:06:39 |
@management_sun | IT Risk: Apple.(ALERT)macOS Monterey 12.2に複数の脆弱性 -2/2 CVE-2022-22593 CVE-2022-22592 CVE-2022-22591 CVE-2022-22590 C… twitter.com/i/web/status/1… | 2022-01-28 07:15:46 |
@management_sun | IT Risk: Apple.(ALERT)Multiple vulnerabilities in macOS Monterey 12.2. -2/2 CVE-2022-22592 CVE-2022-22591 CVE-2022-… twitter.com/i/web/status/1… | 2022-01-28 07:16:17 |
@management_sun | IT Risk: Apple.iOS 15.3 and iPadOS 15.3に複数の脆弱性 -2/2 CVE-2022-22592 CVE-2022-22590 CVE-2022-22589 CVE-2022-22587 CVE… twitter.com/i/web/status/1… | 2022-01-28 07:39:46 |
@CVEreport | CVE-2022-22592 : A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iP… twitter.com/i/web/status/1… | 2022-03-18 18:29:39 |
/r/k12cybersecurity | MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-01-27 16:53:05 |