CVE Alert: CVE-2022-48503 – Apple – macOS

CVE-2022-48503

Unknown | CISA KEV | Exploitation active

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

CVSS v3.1: not provided
Vendor: Apple
Product: macOS, tvOS, Safari, watchOS, iOS and iPadOS
Versions: macOS before 12.5 | tvOS before 15.6 | Safari before 15.6 | watchOS before 8.7 | iOS and iPadOS before 15.6
CWE: Processing web content may lead to arbitrary code execution
Vector: n/a
Published: 2023-08-14T22:40:49.354Z
Updated: 2025-10-20T16:20:23.339Z

AI Summary Analysis

Risk verdict

Critical risk: known exploited vulnerability with active exploitation; treat as priority 1 and patch immediately.

Why this matters

A remote attacker could trigger arbitrary code execution when a device processes crafted web content. No privileges are required, but user interaction is necessary. A single interaction or visit to a malicious page could compromise the device, enable data exfiltration, or establish persistence across the affected Apple ecosystem.

Most likely attack path

Exploitation is network-based via crafted web content delivered to Safari/WebKit. User interaction is required, but complexity is low and no privileges are required to start the attack. Successful exploitation yields high-impact outcomes (C, I, A) on the host, with scope remaining unchanged, limiting immediate lateral movement but enabling full control on the compromised device.

Who is most exposed

Any Apple device user running Safari or WebKit across macOS, iOS/iPadOS, watchOS, tvOS. Organisations with unmanaged or lightly managed Apple fleets and users who frequently browse untrusted content are particularly at risk.

Detection ideas

  • Crashes or memory-corruption related crash reports in Safari/WebKit after web content interaction.
  • Anomalous, rapid post-interaction process activity or unusual system log entries indicating exploit-like behaviour.
  • Unusual outbound traffic following web content access or beaconing correlating with user events.
  • EDR alerts on WebKit-related processes showing abnormal memory/bounds-check failures.
  • Indicators in device management logs of patched-versus-unpatched state across fleet.

Mitigation and prioritisation

  • Apply the relevant Apple security updates immediately; ensure all devices reach the fixed versions across macOS, iOS/iPadOS, watchOS, tvOS, and Safari. Treat as priority 1.
  • Enforce automatic updates via MDM and verify patch deployment in a staged rollout.
  • Where feasible, enable Web Content or sandboxing controls and restrict untrusted content sources.
  • Educate users to avoid opening content from unknown sources and to report unexpected prompts or crashes.
  • Establish a patch-tracking and rollback plan; verify remediation in a test cohort before full-scale deployment.
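The patched-versus-unpatched fleet check from the detection and mitigation lists above, as an added example that is not part of the original alert. The fixed versions are the ones this advisory lists; the inventory record layout, function names and sample rows are assumptions constructed for illustration.

```python
# Added example. Fixed versions are taken from the advisory text above;
# the inventory format and sample rows are constructed, not real export data.
FIXED = {
    "macos": (12, 5), "ios": (15, 6), "ipados": (15, 6),
    "tvos": (15, 6), "watchos": (8, 7), "safari": (15, 6),
}

def parse_version(text):
    """Turn '15.5', '15.6.1' or '12.4 (build)' into a tuple of ints."""
    head = text.strip().split()[0] if text.strip() else ""
    parts = []
    for piece in head.split("."):
        if not piece.isdigit():
            raise ValueError(f"unparseable version: {text!r}")
        parts.append(int(piece))
    return tuple(parts)

def is_patched(product, version):
    """True when version is at or above the fixed version for product."""
    fixed = FIXED[product.lower()]
    seen = parse_version(version)
    width = max(len(seen), len(fixed))  # pad so 15.6 compares equal to 15.6.0
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(seen) >= pad(fixed)

def audit(inventory):
    """Return (device, product, version, reason) for every finding."""
    findings = []
    for row in inventory:
        for product, version in row["software"].items():
            key = product.lower()
            if key not in FIXED:
                continue
            try:
                patched = is_patched(key, version)
            except ValueError:
                # Fail closed: an unreadable version is a finding, not a pass.
                findings.append((row["device"], key, version, "unknown-version"))
                continue
            if not patched:
                findings.append((row["device"], key, version, "below-fixed"))
    return findings

SAMPLE_INVENTORY = [  # constructed rows
    {"device": "mac-001", "software": {"macOS": "12.4 (build)", "Safari": "15.5"}},
    {"device": "mac-002", "software": {"macOS": "12.5", "Safari": "15.6"}},
    {"device": "phone-003", "software": {"iOS": "15.6.1"}},
    {"device": "watch-004", "software": {"watchOS": "8.6"}},
    {"device": "tv-005", "software": {"tvOS": "beta"}},
    {"device": "mac-006", "software": {"macOS": "11.6.8", "Safari": "15.6"}},
]
```

Because the comparison uses only the fixed versions named in this advisory, a Mac on an older major release (mac-006 in the sample) is reported as below the fixed version.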
