CVE-2022-26765

Summary

A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Affected Software

VendorProductVersion RangeStatus
ApplewatchOSunspecified < 8.6affected
ApplewatchOSunspecified < 15.5affected
ApplewatchOSunspecified < 12.4affected
ApplewatchOSunspecified < 15.5affected

Weaknesses

  • A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References