CVE-2022-42856

8.8 HIGH CISA KEV - Actively Exploited

Published: December 15, 2022 Modified: October 23, 2025

Description

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/21

Source: product-security@apple.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/22

Source: product-security@apple.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/23

Source: product-security@apple.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/26

Source: product-security@apple.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/28

Source: product-security@apple.com

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/12/26/1

Source: product-security@apple.com

Mailing List Third Party Advisory

https://security.gentoo.org/glsa/202305-32

Source: product-security@apple.com

Third Party Advisory

https://support.apple.com/en-us/HT213516

Source: product-security@apple.com

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213531

Source: product-security@apple.com

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213532

Source: product-security@apple.com

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213535

Source: product-security@apple.com

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213537

Source: product-security@apple.com

Release Notes Vendor Advisory

http://seclists.org/fulldisclosure/2022/Dec/21

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/22

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/23

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/26

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/28

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/12/26/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

https://security.gentoo.org/glsa/202305-32

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/en-us/HT213516

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213531

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213532

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213535

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

https://support.apple.com/en-us/HT213537

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42856

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

25 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.8 / 10.0

EPSS (Exploit Probability)

0.3%

49th percentile

Exploitation Status

Actively Exploited

Remediation due: 2023-01-04

Weaknesses (CWE)

CWE-843 CWE-843

Affected Vendors

apple

Related CVEs