CVE-2022-22637

Published: Sep 23, 2022Modified: May 22, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

Affected (6)

Products: Apple: Ipad Os, Iphone Os, Macos, Safari, Tvos, Watchos

6 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apple Ipad Os	Before 15.4
Apple Iphone Os	Before 15.4
Apple Macos	From 12.0 to 12.3
Apple Safari	Before 15.4
Apple Tvos	Before 15.4
Apple Watchos	Before 8.5

Related CWEs

CWE-346

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (10)

https://support.apple.com/en-us/HT213182

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213183

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213186

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213187

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213193

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213182