CVE-2022-22677 is a medium-severity logic vulnerability affecting Apple macOS, specifically related to the handling of concurrent media streams in WebRTC calls. The issue arises when a user engaged in a WebRTC video call experiences an interruption in their video self-preview if they answer an incoming phone call. This behavior is due to improper state management of concurrent media streams, which causes the video self-preview to be disrupted. The vulnerability does not impact the confidentiality of the call or the integrity of the media streams but can degrade the user experience by interrupting the video preview. Apple addressed this issue by improving the state handling logic in macOS Monterey 12.4, iOS 15.5, and iPadOS 15.5. The CVSS v3.1 base score is 4.3, reflecting a medium severity with no confidentiality impact, low complexity for exploitation, no privileges required, but user interaction is necessary (answering a phone call). There are no known exploits in the wild, and the vulnerability mainly affects Apple devices running vulnerable versions of macOS and related operating systems. The issue is primarily a usability and availability concern rather than a security breach or data compromise.

For European organizations, the impact of CVE-2022-22677 is primarily on user experience and operational continuity during remote communications using WebRTC on Apple devices. Since the vulnerability causes interruptions in video self-preview during calls, it may disrupt video conferencing sessions, which are critical for business communications, especially in remote or hybrid work environments. However, the vulnerability does not lead to data leakage, unauthorized access, or system compromise, limiting its impact to availability and integrity of the video preview stream only. Organizations relying heavily on Apple hardware for communication may experience minor disruptions but are unlikely to face severe security consequences. The lack of known exploits and the requirement for user interaction further reduce the risk of widespread exploitation. Nonetheless, in sectors where uninterrupted video communication is essential (e.g., customer support, telemedicine, or legal consultations), this issue could cause operational inefficiencies or user dissatisfaction.

To mitigate the effects of CVE-2022-22677, European organizations should ensure that all Apple devices are updated to macOS Monterey 12.4, iOS 15.5, or iPadOS 15.5 or later, where the issue is fixed. IT departments should implement policies to regularly check and enforce timely OS updates on all Apple endpoints. Additionally, organizations can educate users about the potential interruption during concurrent phone and WebRTC calls and recommend minimizing answering phone calls during critical video sessions. For environments where video call continuity is critical, alternative communication platforms or devices not affected by this issue could be considered as a temporary workaround. Monitoring and logging WebRTC call quality and interruptions can help identify if this issue affects business operations and guide further response. Since no known exploits exist, no additional network-level mitigations are necessary beyond standard endpoint security practices.