Vulnerability Description
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 15.3 |
| Apple | Iphone Os | < 15.3 |
| Apple | Macos | < 11.6.3 |
| Apple | Tvos | < 15.3 |
| Apple | Watchos | < 8.4 |
Related Weaknesses (CWE)
References
- https://support.apple.com/en-us/HT213053Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213054Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213055Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213057Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213059Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213053Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213054Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213055Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213057Release NotesVendor Advisory
- https://support.apple.com/en-us/HT213059Release NotesVendor Advisory
FAQ
What is CVE-2022-22585?
CVE-2022-22585 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS...
How severe is CVE-2022-22585?
CVE-2022-22585 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22585?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Watchos.