CVE-2022-46690

HIGH EXPLOITED

iPadOS < 16.2 - Out-of-bounds Write

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-46690 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.

References (8)

Core 8
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213530
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213532
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213535
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213536
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/20
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/23
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Dec/26

Scores

CVSS v3 7.8
EPSS 0.0014
EPSS Percentile 33.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2023-07-01
CWE
CWE-787
Status published
Products (5)
apple/ipados < 16.2
apple/iphone_os < 16.2
apple/macos < 13.1
apple/tvos < 16.2
apple/watchos < 9.2
Published Dec 15, 2022
Tracked Since Feb 18, 2026