Type Confusion Vulnerability in Apple macOS and Catalina Products
CVE-2022-46706

7.8HIGH

Key Information:

Vendor: Apple
Status: Mac OS; Security Update - Catalina
Vendor: CVE Published:; 14 August 2023

What is CVE-2022-46706?

A type confusion issue has been identified in Apple’s macOS platforms, where an application could potentially execute arbitrary code with kernel privileges. This vulnerability affects users of macOS Monterey 12.3 and macOS Big Sur 11.6.5. The problem arises from improper state handling, which has been addressed in Security Update 2022-003 for Catalina. Users are recommended to update to the latest versions to mitigate potential risks.

Affected Version(s)

macOS < 12.3

macOS < 11.6

Security Update - Catalina < 2022

References

https://support.apple.com/en-us/HT213183

https://support.apple.com/en-us/HT213185

https://support.apple.com/en-us/HT213184

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Dec 7, 2022