VDB
GSD-2022-42837
GSD-2022-42837
PUBLISHED
CVSS 9.800000190734863 CRITICAL
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | watchOS | * |
| Apple | macOS | unspecified, unspecified, unspecified |
Timeline
- Apr 11, 2022 CVE Published
- Dec 19, 2022 PoC Published
- Apr 5, 2023 PoC Published
- Feb 13, 2025 PoC Published
- Mar 28, 2025 PoC Published
References
- https://support.apple.com/kb/HT213535 url
- https://support.apple.com/en-us/HT213532 url
- https://support.apple.com/en-us/HT213530 url
- https://support.apple.com/en-us/HT213531 url
- https://support.apple.com/en-us/HT213536 url
- 20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2 mailing-list
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 mailing-list
- 20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 mailing-list
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2 mailing-list