Vulnerability in Apple Tvos
CVE-2022-42856
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrar…
EPSS: 0.002 (35.6th percentile) — read the EPSS interpretation.
Affected products
- Apple Tvos — versions unspecified
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- support.apple.com/en-us/HT213535
- support.apple.com/en-us/HT213532
- support.apple.com/en-us/HT213531
- support.apple.com/en-us/HT213516
- support.apple.com/en-us/HT213537
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 (mailing-list)
- 20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 (mailing-list)
- 20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2 (mailing-list)
- 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2 (mailing-list)
- 20221220 APPLE-SA-2022-12-13-9 Safari 16.2 (mailing-list)
Frequently asked questions
- What is CVE-2022-42856?
- CVE-2022-42856 is a vulnerability in Apple Tvos. Published 2022-12-15.
- Is CVE-2022-42856 known to be exploited?
- Yes. CVE-2022-42856 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-12-14), indicating it is being actively exploited. 5 public proof-of-concept repositories are indexed.