CVE-2022-48618

HIGH KEV

Apple Ipados < 16.2 - TOCTOU Race Condition

Title source: rule

Description

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.

References (5)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213530

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213532

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213535

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213536

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618

Scores

CVSS v3 7.0

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-01-31

VulnCheck KEV 2024-01-09

InTheWild.io 2024-01-31

ENISA EUVD EUVD-2022-51313

CWE

CWE-367

Status published

Products (5)

apple/ipados < 16.2

apple/iphone_os < 16.2

apple/macos 13.0 - 13.1

apple/tvos < 16.2

apple/watchos < 9.2

Published Jan 09, 2024

KEV Added Jan 31, 2024

Tracked Since Feb 18, 2026