Apple Products Remote Code Execution Vulnerability
RISK: High Risk
TYPE: Operating Systems - Mac OS
A vulnerability was identified in Apple Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
The vulnerability is caused by a use-after-free error when processing HTML content in WebKit. An attacker can exploit it by luring users to visit a specially crafted web page. Once a user opens the malicious web page, the attacker can remotely execute malicious code on the targeted system.
HKCERT is aware of public reports that this vulnerability is being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.
CVE-2022-22620 is being exploited in the wild.
- Remote Code Execution
System / Technologies affected
- Versions prior to iOS 15.3.1
- Versions prior to iPadOS 15.3.1
- Versions prior to macOS Monterey 12.2.1
- Versions prior to Safari 15.3
Before installing the software, please visit the vendor website for more details.
- iOS 15.3.1
- iPadOS 15.3.1
- macOS Monterey 12.2.1
- Safari 15.3