Cyber Resilience

CVE-2022-22587

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 18 March 2022

Modified: 23 October 2025
KEV Added: 28 January 2022
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (61.9th percentile)
Risk Priority: 40 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-22587 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Apple iOS, iPadOS and macOS. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, its EPSS score places it in the top 38.1% of CVEs by exploit likelihood (61.9th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2022-22587 is a memory corruption vulnerability resulting from insufficient input validation, classified as CWE-787 (Out-of-bounds Write); Apple's advisories list it under the IOMobileFrameBuffer kernel extension. It affects iOS and iPadOS prior to version 15.3, macOS Big Sur prior to 11.6.3 and macOS Monterey prior to 12.2. The CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) models a remote, unauthenticated attacker with high impact on confidentiality, integrity and availability. Note, however, that Apple's own description is of a malicious application already running on the device: in practice this is a local privilege escalation to kernel, and the 9.8 should be read as an upper bound rather than as evidence that the flaw is reachable over the network.

A malicious application can exploit the flaw to execute arbitrary code with kernel privileges on an unpatched device. Once the application is running, no further user interaction or elevated privilege is needed; the application itself is the attack vector, so the practical exposure is any device on which untrusted code can be made to run.

Apple security updates HT213053 (iOS 15.3 and iPadOS 15.3), HT213054 (macOS Monterey 12.2) and HT213055 (macOS Big Sur 11.6.3) address the issue through improved input validation. Each advisory notes that Apple is aware of a report that the vulnerability may have been actively exploited in the wild. The associated EPSS probability rose from a low post-disclosure baseline to a peak of 0.0184 on 2023-01-01 before receding to its current value of 0.0041. A low absolute EPSS is common for a KEV-listed bug whose exploitation is local and whose patches have been available for years; the KEV listing, not the EPSS value, is the reliable signal of real-world use here.
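Apple has not published the vulnerable code, and the advisory says only that the memory corruption was "addressed with improved input validation". The following added example (not Apple's code, and not from this page) shows the generic shape of such a bug and its fix: a kernel-side handler takes an index from an untrusted user client, the existing check is wrong by one, and the resulting store lands on a field past the table it was meant to address. The struct layout, field names, the `set_plane_*` handlers and the specific off-by-one are all hypothetical illustrations of CWE-787; nothing here claims to describe the actual defect in IOMobileFrameBuffer.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PLANE_COUNT 4u

/*
 * Hypothetical stand-in for a kernel-side object that a user client may
 * program partially: a small table the caller is allowed to write, followed
 * immediately by state the caller must never be able to touch.
 */
struct fb_state {
    uint32_t plane_base[PLANE_COUNT]; /* user-programmable entries */
    uint32_t kernel_only_flag;        /* must remain 0 under all inputs */
};

/* Request as copied in from the untrusted user client; every field is attacker-controlled. */
struct set_plane_req {
    uint32_t index;
    uint32_t value;
};

/*
 * Vulnerable handler (CWE-787). The "validation" uses > where >= was needed,
 * so index == PLANE_COUNT passes and the write lands one element past the
 * table, i.e. on kernel_only_flag. The store goes through a byte offset rather
 * than plane_base[index] so this demo stays deterministic instead of relying
 * on undefined behaviour; the bug is the comparison, not the copy.
 */
int set_plane_unchecked(struct fb_state *st, const struct set_plane_req *req)
{
    if (req->index > PLANE_COUNT)          /* off-by-one: should be >= */
        return -EINVAL;
    size_t off = (size_t)req->index * sizeof(uint32_t);
    memcpy((unsigned char *)st + off, &req->value, sizeof(req->value));
    return 0;
}

/* Hardened handler: reject any index outside [0, PLANE_COUNT) before touching memory. */
int set_plane_checked(struct fb_state *st, const struct set_plane_req *req)
{
    if (req->index >= PLANE_COUNT)
        return -EINVAL;
    st->plane_base[req->index] = req->value;
    return 0;
}

typedef int (*set_plane_fn)(struct fb_state *, const struct set_plane_req *);

/*
 * Drive a handler with a constructed request and report whether the
 * kernel-only field was corrupted: 1 if it changed, 0 if it stayed intact.
 */
int flag_corrupted_by(set_plane_fn handler, uint32_t index)
{
    struct fb_state st;
    struct set_plane_req req = { index, 0x41414141u }; /* constructed attacker input */
    memset(&st, 0, sizeof st);
    (void)handler(&st, &req);
    return st.kernel_only_flag != 0;
}

/* Return the handler's status for a given index: 0 = accepted, -EINVAL = rejected. */
int handler_status(set_plane_fn handler, uint32_t index)
{
    struct fb_state st;
    struct set_plane_req req = { index, 1u };
    memset(&st, 0, sizeof st);
    return handler(&st, &req);
}

int main(void)
{
    printf("unchecked, index %u: corrupted=%d status=%d\n", PLANE_COUNT,
           flag_corrupted_by(set_plane_unchecked, PLANE_COUNT),
           handler_status(set_plane_unchecked, PLANE_COUNT));
    printf("checked,   index %u: corrupted=%d status=%d\n", PLANE_COUNT,
           flag_corrupted_by(set_plane_checked, PLANE_COUNT),
           handler_status(set_plane_checked, PLANE_COUNT));
    printf("checked,   index %u: status=%d\n", PLANE_COUNT - 1,
           handler_status(set_plane_checked, PLANE_COUNT - 1));
    return 0;
}
```

The point of the pairing is the review check it implies: for every index or length that crosses the user/kernel boundary, find the comparison that bounds it and confirm the inclusive/exclusive edge against the size of the object actually written. The vulnerable handler here does have a check; it is simply the wrong one, which is what "insufficient input validation" usually means in practice.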


Vulnerability details

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 28 January 2022

Related Threats

No named actor attribution yet; ATT&CK technique mapping is in progress for this CVE.

Affected Assets

apple / ipados: versions before 15.3
apple / iphone os (iOS): versions before 15.3
apple / macos: Big Sur before 11.6.3; Monterey 12.0 up to, but not including, 12.2

The fixed releases (iOS and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2) are not affected.

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly addresses the root cause by enforcing input validation that rejects the out-of-range values which produce the out-of-bounds write and, from it, kernel-level code execution.

SI-16 Memory Protection (prevent): Memory protection mechanisms can stop exploitation of the memory corruption flaw before arbitrary kernel code runs. They raise the cost of turning the write into code execution but do not remove the bug; treat them as a backstop for patching, not a substitute.

SI-2 Flaw Remediation (prevent): Requires timely application of the vendor patches (iOS and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2) that replace the vulnerable code with the improved input-validation fix. Because the vulnerability is on the CISA KEV list, this is the control to verify first across the fleet.
