CVE-2022-22587

CVE Database · CVE-2022-22587

CVE-2022-22587

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

11.64%

Published

Mar 18, 2022

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2022-01-28 · Due: 2022-02-11

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (4)

apple · ipados (up to 15.3)vulnerable

apple · iphone_os (up to 15.3)vulnerable

apple · macos (up to 11.6.3)vulnerable

apple · macos (up to 12.2)vulnerable

References (7)

https://support.apple.com/en-us/HT213053

Release NotesVendor Advisory