CVE-2022-48618
Apple Multiple Products Memory Corruption Vulnerability
CVSS
—
Sin CVSS
EPSS
0.5%
p39
KEV
SÍ
31 ene 2024
Exploit Today
62
0-100
Publicado: — · Última mod.: —
Producto
Apple / Multiple Products
Vulnerabilidad
Apple Multiple Products Memory Corruption Vulnerability
Añadido a KEV
31 ene 2024
Remediar antes de
21 feb 2024
Uso conocido en ransomware
No
Descripción resumida
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://support.apple.com/en-us/HT213530, https://support.apple.com/en-us/HT213532, https://support.apple.com/en-us/HT213535, https://support.apple.com/en-us/HT213536; https://nvd.nist.gov/vuln/detail/CVE-2022-48618