CVE-2022-26765

A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

08 Jun 2022, 14:19

Type Values Removed Values Added
References (MISC) https://support.apple.com/en-us/HT213253 - (MISC) https://support.apple.com/en-us/HT213253 - Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213254 - (MISC) https://support.apple.com/en-us/HT213254 - Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213257 - (MISC) https://support.apple.com/en-us/HT213257 - Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT213258 - (MISC) https://support.apple.com/en-us/HT213258 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 1.9
v3 : 4.7
CWE CWE-362
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
First Time Apple iphone Os
Apple macos
Apple tvos
Apple watchos
Apple ipados
Apple

26 May 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-26 20:15

Updated : 2022-06-08 14:19


NVD link : CVE-2022-26765

Mitre link : CVE-2022-26765


JSON object : View

Products Affected

apple

  • tvos
  • watchos
  • iphone_os
  • macos
  • ipados
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')