Use After Free in Apple Ipados
CVE-2022-42826
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerability class: Use-After-Free
EPSS: 0.008 (51.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Apple Ipados
- Apple Iphone_os
- Apple Macos — versions unspecified
- Apple Safari
- Webkitgtk Webkitgtk\+
Weakness classification (CWE)
References
- product-security@apple.com (Vendor Advisory)
- product-security@apple.com (Vendor Advisory)
- product-security@apple.com (Vendor Advisory)
- product-security@apple.com (vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2022-42826?
- CVE-2022-42826 is a high-severity vulnerability in Apple Ipados, classified under Use After Free. CVSS score: 8.8/10. Published 2023-02-27.
- How severe is CVE-2022-42826?
- High severity. CVSS v3 base score is 8.8 out of 10.