Overview
- Description
- An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
- Source
- product-security@apple.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Known exploits
Data from CISA
- Vulnerability name
- Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
- Exploit added on
- Oct 25, 2022
- Exploit action due
- Nov 15, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46D91788-9173-4FA2-A956-18286461B859",
"versionEndExcluding": "15.7.1"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C42DEF1-164C-42F0-932E-A6B2F4CD8557",
"versionEndExcluding": "15.7.1"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:16.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "721D0DB1-70EE-458E-B3DA-CA53BD37CE3E"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "683AE472-CFF7-4D5A-936A-42FA43C27E75",
"versionEndExcluding": "12.6.1"
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3B857D6-19FE-4535-9BA2-6BD54B9BB6F5",
"versionEndExcluding": "16.1"
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32BABE0E-193A-4A4D-96E9-84BB48649C9A",
"versionEndExcluding": "9.1"
}
],
"operator": "OR"
}
]
}
]