GSD-2022-22620 — Vulnetix

GSD-2022-22620 PUBLISHED CVSS 8.800000190734863 HIGH

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Apple	macOS	unspecified, unspecified
Apple	Safari (v and )	*

Timeline

Feb 11, 2022 PoC Published
Feb 15, 2022 CVE Published
Jun 14, 2023 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published
Apr 17, 2026 Security Advisory

References

https://support.apple.com/en-us/HT213091 url
https://support.apple.com/en-us/HT213092 url
https://support.apple.com/en-us/HT213093 url
GLSA-202208-39 vendor-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22620 url

Open in Interactive Console →