CVE DATABASE / CVE-2022-48618
CVE-2022-48618
Apple Multiple Products Memory Corruption Vulnerability
Confirmed exploited in the wild. Added 2024-01-31.
Federal remediation due 2024-02-21.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
CVSS 3.1 breakdown
| Base score | 7 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://support.apple.com/en-us/HT213530
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213535
- https://support.apple.com/en-us/HT213536
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-23. Always verify against the vendor advisory before acting.