Back to KEVs

CVE-2022-48618

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 05, 2024
Published Date
January 09, 2024
Last Updated
August 03, 2024
Vendor
Apple
Product
tvOS, macOS, iOS and iPadOS, watchOS
Description
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.

CVSS Scores

CVSS v3.1

7.0 - HIGH

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2024-01-31 00:00:00 UTC) Source

References

https://support.apple.com/en-us/HT213535 https://support.apple.com/en-us/HT213532 https://support.apple.com/en-us/HT213530 https://support.apple.com/en-us/HT213536

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-01-31 00:00:00 UTC