Apple Multiple Products Memory Corruption Vulnerability

Added Jan. 31, 2024 • Due Feb. 21, 2024 • CVE-2022-48618

Overdue Apple / Multiple Products CWE-367

Description

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://support.apple.com/en-us/HT213530, https://support.apple.com/en-us/HT213532, https://support.apple.com/en-us/HT213535, https://support.apple.com/en-us/HT213536
https://nvd.nist.gov/vuln/detail/CVE-2022-48618

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 2 weeks ago