CVE-2022-22637
Published on: Not Yet Published
Last Modified on: 09/28/2022 12:21:00 PM UTC
Certain versions of Ipad Os from Apple contain the following vulnerability:
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.
- CVE-2022-22637 has been assigned by
product-sec[email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software:
Apple - Safari version < 15.4
- Affected Vendor/Software:
Apple - tvOS version < 15.4
- Affected Vendor/Software:
Apple - tvOS version < 12.3
- Affected Vendor/Software:
Apple - tvOS version < 15.4
- Affected Vendor/Software:
Apple - watchOS version < 8.5
CVSS3 Score: 8.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
About the security content of iOS 15.4 and iPadOS 15.4 - Apple Support | support.apple.com text/html |
![]() |
About the security content of macOS Monterey 12.3 - Apple Support | support.apple.com text/html |
![]() |
About the security content of tvOS 15.4 - Apple Support | support.apple.com text/html |
![]() |
About the security content of Safari 15.4 - Apple Support | support.apple.com text/html |
![]() |
About the security content of watchOS 8.5 - Apple Support | support.apple.com text/html |
![]() |
Related QID Numbers
- 159799 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-1777)
- 183346 Debian Security Update for webkit2gtkwpewebkit (CVE-2022-22637)
- 198756 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-5394-1)
- 240305 Red Hat Update for webkit2gtk3 security (RHSA-2022:1777)
- 376475 Apple Safari Multiple Vulnerabilities (HT213187)
- 376485 Apple MacOS Monterey 12.3 Not Installed (HT213183)
- 502397 Alpine Linux Security Update for webkit2gtk
- 610404 Apple iOS 15.4 and iPadOS 15.4 Security Update Missing
- 752080 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:1431-1)
- 752104 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:1511-1)
- 752124 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:1677-1)
- 940505 AlmaLinux Security Update for webkit2gtk3 (ALSA-2022:1777)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Apple | Ipad Os | All | All | All | All |
Operating System | Apple | Iphone Os | All | All | All | All |
Operating System | Apple | Macos | All | All | All | All |
Application | Apple | Safari | All | All | All | All |
Operating System | Apple | Tvos | All | All | All | All |
Operating System | Apple | Watchos | All | All | All | All |
- cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-03-15 13:18:46 |