CVE-2022-42856 (GCVE-0-2022-42856)
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2025-07-30 01:37
CWE
  • Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
Summary
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
References
product-security@apple.com http://seclists.org/fulldisclosure/2022/Dec/21 Mailing List, Third Party Advisory
product-security@apple.com http://seclists.org/fulldisclosure/2022/Dec/22 Mailing List, Third Party Advisory
product-security@apple.com http://seclists.org/fulldisclosure/2022/Dec/23 Mailing List, Third Party Advisory
product-security@apple.com http://seclists.org/fulldisclosure/2022/Dec/26 Mailing List, Third Party Advisory
product-security@apple.com http://seclists.org/fulldisclosure/2022/Dec/28 Mailing List, Third Party Advisory
product-security@apple.com http://www.openwall.com/lists/oss-security/2022/12/26/1 Mailing List, Third Party Advisory
product-security@apple.com https://security.gentoo.org/glsa/202305-32 Third Party Advisory
product-security@apple.com https://support.apple.com/en-us/HT213516 Release Notes, Vendor Advisory
product-security@apple.com https://support.apple.com/en-us/HT213531 Release Notes, Vendor Advisory
product-security@apple.com https://support.apple.com/en-us/HT213532 Release Notes, Vendor Advisory
product-security@apple.com https://support.apple.com/en-us/HT213535 Release Notes, Vendor Advisory
product-security@apple.com https://support.apple.com/en-us/HT213537 Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Dec/21 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Dec/22 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Dec/23 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Dec/26 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Dec/28 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2022/12/26/1 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202305-32 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/en-us/HT213516 Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/en-us/HT213531 Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/en-us/HT213532 Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/en-us/HT213535 Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/en-us/HT213537 Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
Apple tvOS Version: unspecified   < 16.2
Create a notification for this product.
   Apple tvOS Version: unspecified   < 13.1
Create a notification for this product.
   Apple tvOS Version: unspecified   < 15.7
Create a notification for this product.
   Apple tvOS Version: unspecified   < 16.1
Create a notification for this product.
   Apple tvOS Version: unspecified   < 16.2
Create a notification for this product.
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-12-14

Due date: 2023-01-04

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://support.apple.com/en-us/HT213516; https://nvd.nist.gov/vuln/detail/CVE-2022-42856

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213535"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213532"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213531"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213516"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213537"
          },
          {
            "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/21"
          },
          {
            "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/23"
          },
          {
            "name": "20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/22"
          },
          {
            "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/26"
          },
          {
            "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/28"
          },
          {
            "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-32"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-42856",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T21:34:19.303837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-12-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42856"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:37:33.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-12-14T00:00:00+00:00",
            "value": "CVE-2022-42856 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T05:11:05.606Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213535"
        },
        {
          "url": "https://support.apple.com/en-us/HT213532"
        },
        {
          "url": "https://support.apple.com/en-us/HT213531"
        },
        {
          "url": "https://support.apple.com/en-us/HT213516"
        },
        {
          "url": "https://support.apple.com/en-us/HT213537"
        },
        {
          "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/21"
        },
        {
          "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/23"
        },
        {
          "name": "20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/22"
        },
        {
          "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/26"
        },
        {
          "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/28"
        },
        {
          "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-32"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2022-42856",
    "datePublished": "2022-12-15T00:00:00.000Z",
    "dateReserved": "2022-10-11T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:37:33.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-42856",
      "cwes": "[\"CWE-843\"]",
      "dateAdded": "2022-12-14",
      "dueDate": "2023-01-04",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/HT213516;  https://nvd.nist.gov/vuln/detail/CVE-2022-42856",
      "product": "iOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple iOS Type Confusion Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-42856\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-12-15T19:15:25.123\",\"lastModified\":\"2025-02-28T14:53:03.590\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema l\u00f3gico con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 y iPadOS 15.7.2, iOS 16.1.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS lanzadas antes de iOS 15.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2022-12-14\",\"cisaActionDue\":\"2023-01-04\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple iOS Type Confusion Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.2\",\"matchCriteriaId\":\"587780B6-6F5A-4156-9A29-F23B484D65D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.2\",\"matchCriteriaId\":\"C5892A8E-3D71-4ED7-ABFC-973DE74C2AD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.2\",\"matchCriteriaId\":\"2B03CFDD-AC66-4B07-A8CB-E026FCB8A1AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.1.2\",\"matchCriteriaId\":\"20B15ED6-6D4F-4C50-8E49-1A05A3CDD0F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"D7457023-5C4E-4935-826D-A411B0324092\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.2\",\"matchCriteriaId\":\"400AD564-BDEC-4C81-B650-56357BEBF0C7\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/21\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/22\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/23\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/26\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/28\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/12/26/1\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-32\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213516\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213531\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213532\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213535\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213537\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Dec/28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/12/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2023-05-30T05:11:05.606Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..\"}], \"affected\": [{\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"version\": \"unspecified\", \"lessThan\": \"16.2\", \"status\": \"affected\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"version\": \"unspecified\", \"lessThan\": \"13.1\", \"status\": \"affected\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"version\": \"unspecified\", \"lessThan\": \"15.7\", \"status\": \"affected\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"version\": \"unspecified\", \"lessThan\": \"16.1\", \"status\": \"affected\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"version\": \"unspecified\", \"lessThan\": \"16.2\", \"status\": \"affected\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213535\"}, {\"url\": \"https://support.apple.com/en-us/HT213532\"}, {\"url\": \"https://support.apple.com/en-us/HT213531\"}, {\"url\": \"https://support.apple.com/en-us/HT213516\"}, {\"url\": \"https://support.apple.com/en-us/HT213537\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2\", \"tags\": [\"mailing-list\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/21\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1\", \"tags\": [\"mailing-list\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/23\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2\", \"tags\": [\"mailing-list\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/22\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-7 tvOS 16.2\", \"tags\": [\"mailing-list\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/26\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-9 Safari 16.2\", \"tags\": [\"mailing-list\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/28\"}, {\"name\": \"[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2022/12/26/1\"}, {\"url\": \"https://security.gentoo.org/glsa/202305-32\"}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"text\", \"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.\"}]}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:19:05.404Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213535\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213532\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213531\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213516\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213537\", \"tags\": [\"x_transferred\"]}, {\"name\": \"20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/21\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/23\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/22\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-7 tvOS 16.2\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/26\"}, {\"name\": \"20221220 APPLE-SA-2022-12-13-9 Safari 16.2\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://seclists.org/fulldisclosure/2022/Dec/28\"}, {\"name\": \"[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2022/12/26/1\"}, {\"url\": \"https://security.gentoo.org/glsa/202305-32\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-42856\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T21:34:19.303837Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-12-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42856\"}}}], \"timeline\": [{\"time\": \"2022-12-14T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2022-42856 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T21:34:17.053Z\"}}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2022-42856\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"assignerShortName\": \"apple\", \"dateUpdated\": \"2025-07-30T01:37:33.400Z\", \"dateReserved\": \"2022-10-11T00:00:00.000Z\", \"datePublished\": \"2022-12-15T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…