Skip to main content

Apple Products Remote Code Execution Vulnerability

Release Date: 11 Feb 2022 2327 Views

RISK: High Risk

TYPE: Operating Systems - Mac OS

TYPE: Mac OS

A vulnerability was identified in Apple Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

This vulnerability is being triggered due to a use-after-free error when processing HTML content in WebKit. The attacker can exploit this vulnerability by luring users to visit a specially crafted web page. Once the users open the malicious web page, an attacker can remotely execute malicious code on the targeted system.

 

HKCERT is aware of this vulnerability has been reported publicly that it is being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.

 

Note:
CVE-2022-22620 is being exploited in the wild.


Impact

  • Remote Code Execution

System / Technologies affected

  • Versions prior to iOS 15.3.1
  • Versions prior to iPadOS 15.3.1
  • Versions prior to macOS Monterey 12.2.1
  • Versions prior to Safari 15.3

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 
Apply fixes issued by the vendor:
 
  • iOS 15.3.1
  • iPadOS 15.3.1
  • macOS Monterey 12.2.1
  • Safari 15.3

Vulnerability Identifier


Source


Related Link