CVE-2022-48618
In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Accounts", "AppleAVD", "AppleMobileFileIntegrity", "AVEVideoEncoder", "CoreServices", "GPU Drivers", "Graphics Driver", "ImageIO", "IOHIDFamily", "IOMobileFrameBuffer", "iTunes Store", "Kernel", "Photos", "ppp", "Preferences", "Printing", "Safari", "Software Update", "Weather" sowie "WebKit". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 0.12% · 29.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Apple iOS <12.5.7 |
Exploit Intelligence
- https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog (certbund)
- CIRCL seen: CVE-2022-48618 (circl-sighting)
- CIRCL seen: CVE-2022-48618 (circl-sighting)
- CIRCL exploited: CVE-2022-48618 (circl-sighting)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618 (circl)
- https://support.apple.com/en-us/HT213535 (circl)
- https://support.apple.com/en-us/HT213532 (circl)
- https://support.apple.com/en-us/HT213530 (circl)
- https://support.apple.com/en-us/HT213536 (circl)
- macos_v2_generated.go (github-poc)
…and 29 more exploits
Timeline
- Feb 7, 2019 VulnCheck KEV Exploitation
- Feb 8, 2019 VulnCheck KEV Exploitation
- Dec 13, 2022 CVE Published
- Jan 17, 2024 EPSS Score
- Jan 31, 2024 CISA KEV Added
- Jan 31, 2024 PoC Published
- Feb 1, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- May 8, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2313.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2313 advisory
- https://support.apple.com/de-de/HT213532 advisory
- https://support.apple.com/de-de/HT213533 advisory
- https://support.apple.com/de-de/HT213534 advisory
- https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog exploit
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2321.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2321 advisory
- https://support.apple.com/de-de/HT213530 advisory
- https://support.apple.com/de-de/HT213531 advisory
- https://support.apple.com/en-us/HT213597 advisory