Vulnerability Description
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 15.5 |
| Apple | Iphone Os | < 15.5 |
| Apple | Macos | >= 12.0, < 12.4 |
| Apple | Tvos | < 15.5 |
| Apple | Watchos | < 8.6 |
Related Weaknesses (CWE)
References
- https://support.apple.com/en-us/HT213253Vendor Advisory
- https://support.apple.com/en-us/HT213254Vendor Advisory
- https://support.apple.com/en-us/HT213257Vendor Advisory
- https://support.apple.com/en-us/HT213258Vendor Advisory
- https://support.apple.com/en-us/HT213253Vendor Advisory
- https://support.apple.com/en-us/HT213254Vendor Advisory
- https://support.apple.com/en-us/HT213257Vendor Advisory
- https://support.apple.com/en-us/HT213258Vendor Advisory
FAQ
What is CVE-2022-26765?
CVE-2022-26765 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and ...
How severe is CVE-2022-26765?
CVE-2022-26765 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26765?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Watchos.