Search for vulnerabilities
Vulnerability details: VCID-t86d-8bk9-7ycu
Vulnerability ID VCID-t86d-8bk9-7ycu
Aliases CVE-2022-22628
Summary A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22628.json
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22628
archlinux High https://security.archlinux.org/AVG-2703
cvssv3.1 8.8 https://support.apple.com/en-us/HT213182
ssvc Track https://support.apple.com/en-us/HT213182
cvssv3.1 8.8 https://support.apple.com/en-us/HT213183
ssvc Track https://support.apple.com/en-us/HT213183
cvssv3.1 8.8 https://support.apple.com/en-us/HT213186
ssvc Track https://support.apple.com/en-us/HT213186
cvssv3.1 8.8 https://support.apple.com/en-us/HT213187
ssvc Track https://support.apple.com/en-us/HT213187
cvssv3.1 8.8 https://support.apple.com/en-us/HT213193
ssvc Track https://support.apple.com/en-us/HT213193
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22628.json
https://api.first.org/data/v1/epss?cve=CVE-2022-22628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22662
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://support.apple.com/en-us/HT213183
2073896 https://bugzilla.redhat.com/show_bug.cgi?id=2073896
AVG-2703 https://security.archlinux.org/AVG-2703
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628
HT213182 https://support.apple.com/en-us/HT213182
HT213186 https://support.apple.com/en-us/HT213186
HT213187 https://support.apple.com/en-us/HT213187
HT213193 https://support.apple.com/en-us/HT213193
RHSA-2022:7704 https://access.redhat.com/errata/RHSA-2022:7704
RHSA-2022:8054 https://access.redhat.com/errata/RHSA-2022:8054
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-5394-1 https://usn.ubuntu.com/5394-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22628.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213182
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213182
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213183
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213183
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213186
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213186
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213187
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213187
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213193
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213193
Exploit Prediction Scoring System (EPSS)
Percentile 0.31333
EPSS Score 0.00117
Published At Aug. 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:26.195367+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.16/community.json 37.0.0