CVE-2022-46720

Vulnerability

An integer overflow vulnerability exists in iOS 16.2 and iPadOS 16.2, and macOS Ventura 13.1. The issue was addressed with improved input validation. Affected devices include iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura [1][2].

Exploitation

An attacker would need to run a malicious app on the target device. The integer overflow can be triggered by the app, exploiting the insufficient input validation to bypass security boundaries. No additional privileges or user interaction beyond installing the app appear to be required [1][2].

Impact

Successful exploitation allows the malicious app to break out of its sandbox, potentially gaining elevated access to system resources and sensitive user information. The impact is a sandbox escape, leading to unauthorized access and data disclosure [1][2].

Mitigation

Apple released fixes in iOS 16.2 and iPadOS 16.2, and macOS Ventura 13.1 on December 13, 2022. Users should update their devices to these or later versions. No workarounds are documented; applying the security update is the primary mitigation [1][2].