CVE-2022-22614 - 漏洞详情

CVE-2022-22614 (CNNVD-202203-1281)

HIGH

中文标题:

Apple iOS和Apple iPadOS 资源管理错误漏洞

英文标题:

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15...

CVSS分数: 7.8

发布时间: 2022-03-18 17:59:38

漏洞类型: 资源管理错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Apple iOS和Apple iPadOS都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。 Apple iOS 15.4 和 iPadOS 15.4 之前的 Kernel 存在资源管理错误漏洞，该漏洞源于应用程序可能能够以内核权限执行任意代码。以下产品和版本受到影响：iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)。

英文描述:

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

CWE类型:

CWE-416

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Apple	iOS and iPadOS	-	< 15.4	-	`cpe:2.3:a:apple:ios_and_ipados::::::::`
Apple	macOS	-	< 12.3	-	`cpe:2.3:a:apple:macos::::::::`
Apple	tvOS	-	< 15.4	-	`cpe:2.3:a:apple:tvos::::::::`
Apple	watchOS	-	< 8.5	-	`cpe:2.3:a:apple:watchos::::::::`
apple	ipados	*	-	-	`cpe:2.3:o:apple:ipados::::::::`
apple	iphone_os	*	-	-	`cpe:2.3:o:apple:iphone_os::::::::`
apple	mac_os_x	*	-	-	`cpe:2.3:o:apple:mac_os_x::::::::`
apple	mac_os_x	10.15.7	-	-	`cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001::::::`
apple	macos	*	-	-	`cpe:2.3:o:apple:macos::::::::`
apple	macos	10.15.7	-	-	`cpe:2.3:o:apple:macos:10.15.7:-::::::`
apple	tvos	*	-	-	`cpe:2.3:o:apple:tvos::::::::`
apple	watchos	*	-	-	`cpe:2.3:o:apple:watchos::::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）