Threat Intelligence / CVE / CVE-2022-48503

CVE-2022-48503

CISA KEV

CVSS 8.8 (HIGH) · EPSS 0.2% · Published 2023-08-14

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

NVD-CWE-noinfo, CWE-129

Threats tracking this CVE

Coruna iOS Exploit Kit — Government-Grade 23-Exploit Arsenal Proliferates from Surveillance Vendor to Russian Espionage and Chinese Cybercriminals Targeting 42K+ Devices — CRITICAL

References

https://support.apple.com/en-us/HT213340
https://support.apple.com/en-us/HT213341
https://support.apple.com/en-us/HT213342
https://support.apple.com/en-us/HT213345
https://support.apple.com/en-us/HT213346
https://support.apple.com/en-us/HT213340
https://support.apple.com/en-us/HT213341
https://support.apple.com/en-us/HT213342
https://support.apple.com/en-us/HT213345
https://support.apple.com/en-us/HT213346

Full detection coverage & IOCs for threats exploiting CVE-2022-48503 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence