CVE-2022-22674

Confirmed PUBLISHED

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is...

Apple · macOS
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
5.5 Medium

At a Glance

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.

macos cisa
CVE Published
May 26, 2022
Exploitation Reported
Apr 04, 2022
CVSS
5.5 Medium
EPSS
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Apple
macOS

unspecified to < 12.3

Affected
Apple
macOS

unspecified to < 2022

Affected
Apple
macOS

unspecified to < 11.6

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.