CVE-2022-48503

HIGH KEV

Apple Safari < 15.6 - Improper Array Index Validation

Title source: rule

Description

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

References (6)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213340

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213341

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213342

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213345

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213346

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48503

Scores

CVSS v3 8.8

EPSS 0.0018

EPSS Percentile 39.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-10-20

VulnCheck KEV 2025-10-20

ENISA EUVD EUVD-2022-51199

CWE

CWE-129

Status published

Products (6)

apple/ipados < 15.6

apple/iphone_os < 15.6

apple/macos 12.0.0 - 12.5

apple/safari < 15.6

apple/tvos < 15.6

apple/watchos < 8.7

Published Aug 14, 2023

KEV Added Oct 20, 2025

Tracked Since Feb 18, 2026