CVE-2022-42837

high-risk
Published 2022-12-15

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.

Do I need to act?

~
5.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Apple

References (18)

Mailing List http://seclists.org/fulldisclosure/2022/Dec/20
Mailing List http://seclists.org/fulldisclosure/2022/Dec/21
Mailing List http://seclists.org/fulldisclosure/2022/Dec/23
http://seclists.org/fulldisclosure/2022/Dec/27
Release Notes https://support.apple.com/en-us/HT213530
Release Notes https://support.apple.com/en-us/HT213531
Release Notes https://support.apple.com/en-us/HT213532
Release Notes https://support.apple.com/en-us/HT213536
https://support.apple.com/kb/HT213535
Mailing List http://seclists.org/fulldisclosure/2022/Dec/20
Mailing List http://seclists.org/fulldisclosure/2022/Dec/21
Mailing List http://seclists.org/fulldisclosure/2022/Dec/23
http://seclists.org/fulldisclosure/2022/Dec/27
Release Notes https://support.apple.com/en-us/HT213530
Release Notes https://support.apple.com/en-us/HT213531
Release Notes https://support.apple.com/en-us/HT213532
Release Notes https://support.apple.com/en-us/HT213536
https://support.apple.com/kb/HT213535
51
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 9/34 · Low
Exposure 10/34 · Low