CVE-2022-42856

ENISA EUVD: EUVD-2022-45919 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 5, 2026 5 articles Published: 2022-12-15
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.19%
probability
This CVE has a 0.19% probability of being exploited in the next 30 days.
0% Top 40.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

Affected Products

Apple
tvOS
unspecified
Apple
tvOS
unspecified
Apple
tvOS
unspecified
Apple
tvOS
unspecified
Apple
tvOS
unspecified

Attack Intelligence

Google Project Zero

Patched
Nov. 30, 2022
Reported by
Clément Lecigne of Google's Threat Analysis Group
Root Cause Analysis
???

Signal Intelligence

Confidence
95%
EPSS 0.19%
CVSS v3.1 8.8
Mentions 5
Last Seen Mar 29, 2023

CNA Information

CNA Assigner
apple

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026
Published DateDec 15, 2022