CVE-2022-48618
Published 2024-01-09
Priority P1 · 83 · high · 7 (CVSS 3.1)
AV:L / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV · ITW
CISA Known Exploited Vulnerability · due 2024-02-21
Exploited in the wild
EPSS: 0.49% (38.3th percentile)
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.2_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.2 | 16.2 |
| apple | ipados | < 16.2 | 16.2 |
| apple | iphone_os | < 16.2 | 16.2 |
| apple | macos | >= 13.0 < 13.1 | 13.1 |
| apple | macos | >= unspecified < 13.1 | 13.1 |
| apple | macos_ventura | — | — |
| apple | tvos | < 16.2 | 16.2 |
| apple | tvos | >= unspecified < 16.2 | 16.2 |
| apple | tvos16.2 | — | — |
| apple | watchos | < 9.2 | 9.2 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < 9.2 | 9.2 |
Detection & IOCs (extracted from sources)
- Target vulnerable iOS versions: exploitation observed against iOS versions released before iOS 15.7.1; detection/triage should prioritize devices running iOS < 15.7.1
- Vulnerability class is TOCTOU (time-of-check/time-of-use) memory corruption in the Kernel component enabling Pointer Authentication bypass; hunt for kernel-level exploitation artifacts involving PAC bypass on Apple devices
- Affected component is the Kernel across all Apple platforms (iOS, iPadOS, macOS, tvOS, watchOS); scope kernel crash logs, panic logs, and anomalous kernel memory access patterns on Apple devices for signs of exploitation
- Exploitation requires arbitrary read and write capability as a precondition; chain detection should look for prior memory corruption primitives being established before a PAC bypass attempt
- CISA KEV confirms active exploitation but provides no additional technical indicators beyond the vulnerability class (TOCTOU memory corruption / PAC bypass); detection must rely on behavioral and version-based signals
CVSS provenance
nvd · v3.1 · 7.0 HIGH · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck · 7.0 HIGH
cisa · 7.0 HIGH
GHSA
GHSA-v2rr-hhf4-8739: The issue was addressed with improved checks
ghsa_unreviewed·2024-01-09
CVE-2022-48618 [HIGH] CWE-287 GHSA-v2rr-hhf4-8739: The issue was addressed with improved checks
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
VulnCheck
Apple Multiple Products Memory Corruption Vulnerability
vulncheck·2022·CVSS 7.0
CVE-2022-48618 [HIGH] CWE-367 Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
Affected: Apple Multiple Products
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://support.apple.com/en-us/102808; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2024-02-21
CISA
Apple Multiple Products Memory Corruption Vulnerability
cisa·2024-01-31·CVSS 7.0
CVE-2022-48618 [HIGH] CWE-367 Apple Multiple Products Memory Corruption Vulnerability
Vulnerability: Apple Multiple Products Memory Corruption Vulnerability
Affected: Apple Multiple Products
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://support.apple.com/en-us/HT213530, https://support.apple.com/en-us/HT213532, https://support.apple.com/en-us/HT213535, https://support.apple.com/en-us/HT213536; https://nvd.nist.gov/vuln/detail/CVE-2022-48618
Remediation Due Date: 2024-02-21
Apple
CVE-2022-48618: macOS Ventura 13.1
vendor_apple·2022-12-13·CVSS 7.0
CVE-2022-48618 [HIGH] CVE-2022-48618: macOS Ventura 13.1
Apple Security Update: About the security content of macOS Ventura 13.1
Product: macOS Ventura
Version: 13.1
CVE: CVE-2022-48618
Component: Kernel
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Description: The issue was addressed with improved checks.
Apple
CVE-2022-48618: watchOS 9.2
vendor_apple·2022-12-13·CVSS 7.0
CVE-2022-48618 [HIGH] CVE-2022-48618: watchOS 9.2
Apple Security Update: About the security content of watchOS 9.2
Product: watchOS
Version: 9.2
CVE: CVE-2022-48618
Component: Kernel
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Description: The issue was addressed with improved checks.
Apple
CVE-2022-48618: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 7.0
CVE-2022-48618 [HIGH] CVE-2022-48618: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-48618
Component: Kernel
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Description: The issue was addressed with improved checks.
Apple
CVE-2022-48618: tvOS 16.2
vendor_apple·2022-12-13·CVSS 7.0
CVE-2022-48618 [HIGH] CVE-2022-48618: tvOS 16.2
Apple Security Update: About the security content of tvOS 16.2
Product: tvOS16.2
CVE: CVE-2022-48618
Component: Kernel
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Description: The issue was addressed with improved checks.
No detection rules found.
No public exploits indexed.
- https://support.apple.com/en-us/HT213530
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213535
- https://support.apple.com/en-us/HT213536
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618
2024-01-09: Published
2024-01-31: Added to CISA KEV
Exploited in the wild