CVE-2022-22629: 
Apple iTunes vulnerability analysis and mitigation

CVE-2022-22629 is a buffer overflow vulnerability discovered in Apple's WebKit engine that was fixed in March 2022. The vulnerability affects multiple Apple products including macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, and tvOS 15.4. When processing maliciously crafted web content, this vulnerability could lead to arbitrary code execution (Apple Security, NVD).

The vulnerability is classified as a buffer overflow issue in WebKit that was addressed with improved memory handling. It has a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue was discovered by Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative (NVD, Apple Security).

The vulnerability allows processing of maliciously crafted web content that may lead to arbitrary code execution. This means an attacker could potentially execute malicious code on affected systems, potentially compromising the confidentiality, integrity, and availability of the system (Apple Security).

Apple has released security updates to address this vulnerability across multiple products. Users should update to macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, or tvOS 15.4 depending on their affected system (Apple Security, Apple Security).