⚠ Actively exploited
Added to CISA KEV on 2024-01-31. Federal agencies required to patch by 2024-02-21. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2022-48618 — Time-of-check Time-of-use (TOCTOU) Race Condition in Apple IOS AND Ipados
Severity
7.0HIGHNVD
EPSS
0.2%
top 61.37%
CISA KEV
KEV
Added 2024-01-31
Due 2024-02-21
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJan 9
KEV addedJan 31
KEV dueFeb 21
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9