CISA KEV 정보
| 취약점명 | Apple Multiple Products Memory Corruption Vulnerability |
|---|---|
| 설명 | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. |
| 조치사항 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-367 |
| 등록일 (KEV) | 2024-01-31 |
| 조치 기한 | 2024-02-21 |
| 추가 참고 | https://support.apple.com/en-us/HT213530, https://support.apple.com/en-us/HT213532, https://support.apple.com/en-us/HT213535, https://support.apple.com/en-us/HT213536; https://nvd.nist.gov/vuln/detail/CVE-2022-48618 |
NVD 상세 정보
CVSS v3.1: 7.0 HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H설명: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
CWE: CWE-367 | CWE-367
참조
- https://support.apple.com/en-us/HT213530 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT213532 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT213535 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT213536 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT213530 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT213532 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT213535 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT213536 [Release Notes, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.