Login Sign Up

CVE-2022-22614

7.8 HIGH
Remote Code Execution

📋 TL;DR

This is a use-after-free vulnerability in Apple operating systems that allows malicious applications to execute arbitrary code with kernel privileges. It affects iOS, iPadOS, tvOS, watchOS, and macOS systems running vulnerable versions. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • tvOS
  • watchOS
  • macOS
Versions: Versions before tvOS 15.4, iOS 15.4, iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3
Operating Systems: Apple iOS, Apple iPadOS, Apple tvOS, Apple watchOS, Apple macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level privileges, allowing attackers to install persistent malware, steal sensitive data, or create backdoors.

🟠

Likely Case

Malicious apps from untrusted sources could gain full system control, potentially leading to data theft, surveillance, or ransomware deployment.

🟢

If Mitigated

With proper app vetting and security controls, exploitation risk is limited to sophisticated targeted attacks.

🌐 Internet-Facing: LOW - This requires local application execution, not direct internet exposure.
🏢 Internal Only: MEDIUM - Risk exists if users install untrusted applications or visit malicious sites that trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious application to be installed and executed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 15.4, iOS 15.4, iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3

Vendor Advisory: https://support.apple.com/en-us/HT213182

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS. 2. Install available updates. 3. For macOS, go to System Preferences > Software Update. 4. Restart device after installation.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources like the App Store

Application Whitelisting

macOS

Implement application control policies to prevent unauthorized app execution

🧯 If You Can't Patch

  • Implement strict application control policies to prevent installation of untrusted applications
  • Segment affected devices from critical network resources and sensitive data

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version.

Check Version:

iOS/iPadOS/watchOS/tvOS: Settings > General > About > Version. macOS: sw_vers -productVersion

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed in fix_official.patch_version

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel panics
  • Unusual process spawning with elevated privileges
  • Suspicious application installation events

Network Indicators:

  • Unusual outbound connections from system processes
  • Command and control traffic from kernel-level processes

SIEM Query:

Process creation where parent process is kernel_task or similar system process with unusual command line arguments

📊 Metadata

CVE ID: CVE-2022-22614
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: March 18, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-22614, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)