Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-367

References

https://support.apple.com/en-us/HT213530, https://support.apple.com/en-us/HT213532, https://support.apple.com/en-us/HT213535, https://support.apple.com/en-us/HT213536

https://nvd.nist.gov/vuln/detail/CVE-2022-48618

Cybersecurity Alerts

CVE-2022-48618

Apple Multiple Products Memory Corruption Vulnerability

Required Action

Weakness Classification

References