CVE-2022-48503
Description
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that, when processing web content, may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CISA KEV
- Vendor: Apple
- Product: Multiple Products
- Due date: 2025-11-10
Mitigations
Vendor advisory: cisa-kev — https://support.apple.com/en-us/HT213340 ; https://support.apple.com/en-us/HT213341 ; https://support.apple.com/en-us/HT213342 ; https://support.apple.com/en-us/HT213345 ; https://support.apple.com/en-us/HT213346 ; https://nvd.nist.gov/vuln/detail/CVE-2022-48503
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-48503
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-48503.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2256
Exploits
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 2.38.0-1 |
| debian | bullseye | fixed | 2.38.0-1~deb11u1 |
| debian | forky | fixed | 2.38.0-1 |
| debian | sid | fixed | 2.38.0-1 |
| debian | trixie | fixed | 2.38.0-1 |