CVE-2022-42856
high-risk
Published 2022-12-15
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
Do I need to act?
-
0.19% chance of exploitation
EPSS score — low exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (25)
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/21
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/22
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/23
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/26
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/28
Third Party Advisory
https://security.gentoo.org/glsa/202305-32
Release Notes
https://support.apple.com/en-us/HT213516
Release Notes
https://support.apple.com/en-us/HT213531
Release Notes
https://support.apple.com/en-us/HT213532
Release Notes
https://support.apple.com/en-us/HT213535
Release Notes
https://support.apple.com/en-us/HT213537
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/21
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/22
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/23
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/26
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/28
Third Party Advisory
https://security.gentoo.org/glsa/202305-32
Release Notes
https://support.apple.com/en-us/HT213516
and 5 more references
50
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
8/34 · Low
Exposure
12/34 · Low