Summary
CVE: CVE-2022-22620
CVSS: Unscored
Affected Products: iPhone 6s and later; iPad Pro (all models); iPad Air 2 and later; iPad 5th generation and later; iPad mini 4 and later; iPod touch (7th generation); macOS Monterey
Apple released a security update addressing a zero-day vulnerability impacting iPhones, iPads, and Macs. The vulnerability, CVE-2022-22620, is a WebKit use-after-free zero-day discovered by an anonymous security researcher. Apple notes in its security updates that this vulnerability may have been actively exploited in the wild.
Analysis
Affected Products
- Safari Browser prior to 15.3 on macOS Big Sur and macOS Catalina
- macOS Monterey prior to 12.2.1
- iOS and iPadOS prior to 15.3.1
Potential Impact
Successful exploitation of CVE-2022-22620 could lead to arbitrary code execution on an affected device, potentially allowing an attacker to crash the device; view, modify, or delete data; or take control of the device.
Recommendations
Apple has released security updates that address this vulnerability in all affected products. NTT recommends that organizations apply these updates after conducting the appropriate evaluations and testing.
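To find devices that still need the update, the fixed versions in the Affected Products list can be checked against an asset inventory. The following is an added example, not code from Apple or NTT; the hostnames, inventory layout and function names are hypothetical, and the version thresholds are taken from the list above.

```python
# Fixed-version thresholds copied from the "Affected Products" list in this advisory.
FIXED_OS = {"ios": (15, 3, 1), "ipados": (15, 3, 1), "macos": (12, 2, 1)}
FIXED_SAFARI = (15, 3)  # applies to macOS Big Sur (11.x) and Catalina (10.15.x)


def parse_version(text):
    """Turn '15.3.1' into (15, 3, 1); trailing zeros are dropped so 12.2 == 12.2.0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def assess(platform, os_version, safari_version=None):
    """Return 'vulnerable', 'patched', 'unknown' or 'not_listed' for one device."""
    platform = platform.lower()
    os_v = parse_version(os_version)
    if platform in ("ios", "ipados"):
        return "vulnerable" if os_v < FIXED_OS[platform] else "patched"
    if platform != "macos":
        return "not_listed"
    if os_v[0] == 12:  # Monterey: the fix ships in the OS update
        return "vulnerable" if os_v < FIXED_OS["macos"] else "patched"
    if os_v[0] == 11 or os_v[:2] == (10, 15):  # Big Sur / Catalina: fix ships in Safari
        if not safari_version:
            return "unknown"  # Safari version missing from inventory, needs follow-up
        return "vulnerable" if parse_version(safari_version) < FIXED_SAFARI else "patched"
    return "not_listed"  # macOS release not covered by the list in this advisory


# Constructed sample rows: (hostname, platform, OS version, Safari version or None)
INVENTORY = [
    ("mbp-fin-01", "macOS", "12.2", None),
    ("mbp-fin-02", "macOS", "12.2.1", None),
    ("imac-lab-07", "macOS", "11.6.3", "15.2"),
    ("imac-lab-08", "macOS", "10.15.7", None),
    ("iphone-0142", "iOS", "15.3", None),
    ("ipad-0033", "iPadOS", "15.3.1", None),
]


def report(rows):
    """Map each hostname to its assessment."""
    return {host: assess(plat, osv, saf) for host, plat, osv, saf in rows}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as `unknown` are Big Sur or Catalina hosts whose Safari version was not collected, so they cannot be cleared from the OS version alone.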
References
https://support.apple.com/en-us/HT213091
https://support.apple.com/en-us/HT213092
https://support.apple.com/en-us/HT213093