CVE-2022-46689Race Condition in Apple Macos

CWE-362Race Condition12 documents6 sources
Severity
7.0HIGHNVD
EPSS
85.3%
top 0.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple MacosApple TvosApple Watchos+3 more
Timeline
PublishedDec 15

Description

A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages9 packages

CVEListV5apple/macosunspecified11.7
NVDapple/macos12.012.6.2+2
NVDapple/ipados< 15.7.2
CVEListV5apple/tvosunspecified16.2+3
NVDapple/tvos< 16.2

🔴Vulnerability Details

3
GHSA
GHSA-335h-x4pf-hpc2: A race condition was addressed with additional validation2022-12-15
CVEList
CVE-2022-46689: A race condition was addressed with additional validation2022-12-15
VulnCheck
Apple safari Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')2022

💥Exploits & PoCs

1
Metasploit
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation

📋Vendor Advisories

7
Apple
CVE-2022-46689: tvOS16.22022-12-13
Apple
CVE-2022-46689: watchOS 9.22022-12-13
Apple
CVE-2022-46689: macOS Big Sur 11.7.22022-12-13
Apple
CVE-2022-46689: iOS 16.2 and iPadOS 16.22022-12-13
Apple
CVE-2022-46689: macOS Ventura 13.12022-12-13
CVE-2022-46689 — Race Condition in Apple Macos | cvebase