CVE-2022-22587
Published: 18 March 2022
Summary
CVE-2022-22587 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 38.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2022-22587 is a memory corruption vulnerability resulting from insufficient input validation, assigned CWE-787. It affects iOS and iPadOS prior to version 15.3 as well as macOS Big Sur prior to 11.6.3 and macOS Monterey prior to 12.2, with a CVSS 3.1 base score of 9.8 reflecting network-accessible impact on confidentiality, integrity, and availability.
A malicious application can exploit the flaw to execute arbitrary code with kernel privileges on an unpatched device. The vulnerability requires no user interaction or special privileges beyond the ability to run the application.
Apple security updates HT213053, HT213054, and HT213055 address the issue through improved input validation in the listed releases. The advisories note that Apple is aware of reports indicating the vulnerability may have been actively exploited in the wild. The associated EPSS probability rose from a low baseline after disclosure to a peak of 0.0184 on 2023-01-01 before receding to its current value of 0.0041.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27732
Vulnerability details
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
Apple is aware of a report that this issue may have been actively exploited.
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 28 January 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly addresses the root cause by enforcing input validation to block the out-of-bounds write that leads to kernel-level code execution.
- SI-16 (Memory Protection): Implements memory protection mechanisms that can stop exploitation of the memory corruption flaw before arbitrary kernel code runs.
- Vendor patching: Requires timely application of vendor patches that replace the vulnerable code with the improved input-validation fix.