Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22585

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.

Published

2022-03-18T18:15:12.400

Last Modified

2024-11-21T06:47:04.370

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	ipados	< 15.3	Yes
Operating System	apple	iphone_os	< 15.3	Yes
Operating System	apple	macos	< 11.6.3	Yes
Operating System	apple	macos	< 12.2	Yes
Operating System	apple	tvos	< 15.3	Yes
Operating System	apple	watchos	< 8.4	Yes

References

https://support.apple.com/en-us/HT213053 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT213054 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT213055 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT213057 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT213059 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT213053 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT213054 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT213055 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT213057 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT213059 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)