CVE-2022-22665: Critical severity apple macos vulnerability
Published Mar 14, 2022
·Updated
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
Other sources
apache. Multiple issues were addressed by updating apache to version 2.4.53.
— Apple
AppKit. A logic issue was addressed with improved validation.
Credit
Lockheed Martin Red Team, an anonymous researcher, Jeremy Brown(Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Qi Sun(Trend Micro), Ye Zhang@@co0py_Cat(Baidu Security), Robert Ai(Trend Micro), Arsenii Kostromin (0x3c3e), Yonghwi Jin@@jinmo123(Theori), Linus Henze(Pinauten GmbH), Liu Long(Ant Security Light), Jack Dates(RET2 Systems Inc), Antonio Zekic@@antoniozekic, Jeonghoon Shin(Theori working with Trend Micro Zero Day Initiative), Peter Nguyễn Vũ Hoàng@@peternguyen14(STAR Labs), Ned Williamson(Google Project Zero), @@gorelics(BreakPoint), (BreakPoint), Ron Masas(BreakPoint), Wojciech Reguła@@_r3ggi(SecuRing), Arsenii Kostromin (0x3c3e)(Microsoft), Jonathan Bar Or(Microsoft), Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Yuebin Sun@@yuebinsun2020(Tencent Security Xuanwu Lab), Max Shavrick@@_mxms(the Google Security Team), Zubair Ashraf(Crowdstrike), CVE-2022-0778, CVE-2022-23308, Mickey Jin@@patch1t, @@gorelics, Peter Nguyễn Vũ Hoàng(STAR Labs), Felix Poulin-Belanger, Antonio Cheong Yu Xuan(YCISCQ), CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, Heige(KnownSec 404 Team), Bo Qu(Palo Alto Networks), Scarlet Raine, Wang Yu(Cyberserval), CVE-2022-0530, Tavis Ormandy, CVE-2021-45444, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721
Affected Software
20 affected componentsFixes available
Apple macOS Big Sur<11.6.5
11.6.5
Apple Catalina
Apple macOS Monterey<12.3
12.3
Apple iOS and macOS>=10.15<10.15.7
Apple iOS and macOS=10.15.7
Apple iOS and macOS=10.15.7-security_update_2020
Apple iOS and macOS=10.15.7-security_update_2020-001
Apple iOS and macOS=10.15.7-security_update_2020-005
Apple iOS and macOS=10.15.7-security_update_2020-007
Apple iOS and macOS=10.15.7-security_update_2021-001
Apple iOS and macOS=10.15.7-security_update_2021-002
Apple iOS and macOS=10.15.7-security_update_2021-003
Apple iOS and macOS=10.15.7-security_update_2021-006
Apple iOS and macOS=10.15.7-security_update_2021-007
Apple iOS and macOS=10.15.7-security_update_2021-008
Apple iOS and macOS=10.15.7-security_update_2022-001
Apple iOS and macOS=10.15.7-security_update_2022-002
Apple iOS and macOS=10.15.7-supplemental_update
Apple macOS>=11.0<11.6.5
Apple macOS>=12.0<12.3
Event History
Mar 18, 2022
CVE Published
via MITRE·06:00 PM
Data Sourced
via MITRE·06:00 PM
DescriptionWeakness
May 16, 2022
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2022-22633
- CVE-2022-22665
- CVE-2022-22631
- CVE-2022-22648
- CVE-2022-22627
- CVE-2022-22626
- CVE-2022-22625
- CVE-2022-22597
- CVE-2022-22616
- CVE-2022-26691
- CVE-2022-46706
- CVE-2022-22661
- CVE-2022-22613
- CVE-2022-22615
- CVE-2022-22614
- CVE-2022-22638
- CVE-2022-22632
- CVE-2022-22647
- CVE-2022-22656
- CVE-2022-22672
- CVE-2022-22617
- CVE-2022-26688
- CVE-2022-22650
- CVE-2022-22599
- CVE-2022-22651
- CVE-2022-22662
- CVE-2022-22582
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-22675
- CVE-2022-22630
- CVE-2022-26751
- CVE-2022-26698
- CVE-2022-26697
- CVE-2022-22663
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-26763
- CVE-2022-22674
- CVE-2022-26720
- CVE-2022-26770
- CVE-2022-26756
- CVE-2022-26769
- CVE-2022-26748
- CVE-2022-26768
- CVE-2022-26714
- CVE-2022-26757
- CVE-2021-30946
- CVE-2022-26767
- CVE-2022-26706
- CVE-2022-32882
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-0778
- CVE-2022-23308
- CVE-2022-32794
- CVE-2022-26712
- CVE-2022-26746
- CVE-2022-26731
- CVE-2022-26766
- CVE-2022-26718
- CVE-2022-26723
- CVE-2022-26715
- CVE-2022-26728
- CVE-2022-26726
- CVE-2022-26755
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-22589
- CVE-2022-26745
- CVE-2022-26761
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
- CVE-2022-26775
- CVE-2022-26727
- CVE-2022-22669
- CVE-2021-22946
- CVE-2021-22947
- CVE-2021-22945
- CVE-2022-22643
- CVE-2022-22657
- CVE-2022-22664
- CVE-2021-30977
- CVE-2022-22611
- CVE-2022-22612
- CVE-2022-22641
- CVE-2022-22640
- CVE-2021-36976
- CVE-2022-21658
- CVE-2022-22644
- CVE-2022-26690
- CVE-2022-22609
- CVE-2022-22655
- CVE-2022-22600
- CVE-2022-22639
- CVE-2022-22660
- CVE-2022-22621
- CVE-2022-0156
- CVE-2022-0158
- CVE-2021-30918
- CVE-2022-22610
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22637
- CVE-2022-22668
Frequently Asked Questions
1
What is CVE-2022-22665?
CVE-2022-22665 is a logic issue in AppKit that was addressed with improved validation.
2
What is the severity of CVE-2022-22665?
The severity of CVE-2022-22665 is critical with a severity value of 7.8.
3
What software versions are affected by CVE-2022-22665?
CVE-2022-22665 affects macOS Catalina, macOS Big Sur (up to version 11.6.5), and macOS Monterey (up to version 12.3).
4
How can a malicious application exploit CVE-2022-22665?
A malicious application may be able to gain root privileges through CVE-2022-22665.
5
How can I fix CVE-2022-22665?
CVE-2022-22665 is fixed in macOS Monterey version 12.3. It is recommended to update to this version to mitigate the vulnerability.