CVE-2022-48618
HIGH KEViPadOS < 16.2 - Time-of-check Time-of-use Race Condition
Title source: llmExploitation Summary
CVE-2022-48618 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 31, 2024.
Description
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
References (5)
Core 5
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213530
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213532
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213535
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213536
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618
Scores
CVSS v3
7.0
EPSS
0.0011
EPSS Percentile
30.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2024-01-31
VulnCheck KEV
2024-01-09
InTheWild.io
2024-01-31
ENISA EUVD
EUVD-2022-51313
CWE
CWE-367
Status
published
Products (5)
apple/ipados
< 16.2
apple/iphone_os
< 16.2
apple/macos
13.0 - 13.1
apple/tvos
< 16.2
apple/watchos
< 9.2
Published
Jan 09, 2024
KEV Added
Jan 31, 2024
Tracked Since
Feb 18, 2026