CVE-2022-48618

7HIGH

Key Information

Vendor: Apple
Status: TV OS; Mac OS; iOS And iPad OS; Watch OS
Vendor: CVE Published:; 9 January 2024

Badges

👾 Exploit Exists

Summary

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-48618 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

tvOS < 16.2

macOS < 13.1

iOS and iPadOS < 16.2

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Jun 6, 2024
Vulnerability published.
Jan 9, 2024
Vulnerability Reserved.
Jan 5, 2024

Collectors

NVD DatabaseMitre DatabaseCISA Database