CVE-2022-22590: 
NixOS vulnerability analysis and mitigation

CVE-2022-22590 is a use-after-free vulnerability discovered in WebKit, affecting multiple Apple operating systems and products. The vulnerability was fixed in iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, and macOS Monterey 12.2, with patches released on January 26, 2022. The vulnerability affected various Apple devices including iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) (Apple HT213053, Apple HT213054).

The vulnerability is classified as a use-after-free issue in WebKit that was addressed with improved memory management. It received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability was discovered by Toan Pham from Team Orca of Sea Security (NVD Database).

When exploited, this vulnerability could allow processing of maliciously crafted web content to lead to arbitrary code execution. This means an attacker could potentially execute unauthorized code on affected devices through specially crafted web content (Apple HT213053, Apple HT213058).

Apple addressed this vulnerability by improving memory management in WebKit. Users are advised to update to iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, or macOS Monterey 12.2, depending on their device. For WebKitGTK+ users, updating to version 2.36.7 or later is recommended (Gentoo Advisory).