🟢 CVE-2022-48503

CVE-2022-48503 is a bounds-check vulnerability in WebKit, the engine that renders web content in Safari and in WebKit-based apps on iOS, iPadOS, macOS, tvOS and watchOS. Processing maliciously crafted web content can lead to arbitrary code execution in the process handling that content. It is listed in CISA KEV, which indicates exploitation in the wild, but it is a client-side vulnerability: the victim (or an app embedding WebKit) has to load attacker-controlled content, so it is not a remotely exploitable server-side flaw.

Risk Level: LOW_RISK
CVSS Score: 8.8
Attack Vector: NETWORK
ATT&CK Tactic: Execution
ATT&CK Technique: T1203 — Exploitation for Client Execution
Deployment Risk: VERY_LOW
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2023-08-14

Added to CISA KEV: 2025-10-20 (798 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2022-48503 is a security vulnerability affecting several Apple operating systems and Safari. Apple shipped the fix in its July 2022 releases [2] [5]; the CVE identifier itself was only published on 2023-08-14, more than a year after the patch, so version-based checks rather than CVE-based scanner signatures are the reliable way to confirm coverage.

Overview and Impact
  • Vulnerability Type: The issue stems from insufficient bounds checks in WebKit when processing web content, and Apple addressed it with improved bounds checks [2] [4]. An out-of-bounds memory access in the browser's content process is the kind of primitive that exploit chains turn into arbitrary code execution.
  • Impact: Successful exploitation leads to arbitrary code execution in the context of the process rendering the malicious web content [2] [4]. The snippet quoted from [3] (an app with root privileges executing code with kernel privileges, or unexpected application termination) is taken from Apple's cumulative bulletin for the July 2022 releases, which covers many CVEs; the impact recorded for this CVE is the web-content code-execution path.
Exploitation and Threat Activity
  • Active Exploitation: CVE-2022-48503 is listed in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog [1] [6]. CISA adds an entry only when it has reliable evidence of exploitation in the wild, so the listing establishes that the vulnerability has been exploited; it does not identify the actors or campaigns involved.
  • Attack Method: The vulnerability is triggered by loading maliciously crafted web content, typically a link the victim opens in Safari or in an app that embeds WebKit (ATT&CK T1203, Exploitation for Client Execution). Details of who used it and how are not published with the KEV entry, and this page records no ransomware association. Inclusion in the catalog means the vulnerability must be treated as a remediation priority, not that it is known to be widely or opportunistically exploited.
Affected Products and Mitigation
The vulnerability was fixed in the following Apple software versions released in July 2022:

Product          Fixed Version
iOS              15.6
iPadOS           15.6
macOS Monterey   12.5
Safari           15.6
tvOS             15.6
watchOS          8.7
Status: This vulnerability is patched. Users and organizations should confirm that affected devices run these versions or later [2] [4]; devices that cannot be upgraded to them remain exposed and should be isolated or retired. CISA's Binding Operational Directive (BOD) 22-01 requires federal civilian agencies to remediate KEV-listed vulnerabilities by the due date CISA assigns to each entry, and many other organizations adopt the same deadlines as policy [1].
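Because the CVE identifier was assigned long after the fix shipped, the practical check is a version comparison against the table above rather than a CVE lookup. The script below is an added example, not code from the original page or from Apple; the device inventory in it is constructed for illustration, and the product names are assumed to match whatever the reader's MDM export uses. It compares versions numerically component by component, so that 15.6.1 counts as patched and 15.10 is not mistaken for being older than 15.6, and it refuses to treat an unlisted product as safe.

```python
"""Check a device inventory against the fixed versions for CVE-2022-48503.

Added example (not part of the original page or of any Apple tooling).
The inventory below is constructed for illustration; the fixed versions
come from the advisory table on this page.
"""
import re

# Minimum patched version per product, from Apple's July 2022 releases.
FIXED_VERSIONS = {
    "iOS": "15.6",
    "iPadOS": "15.6",
    "macOS Monterey": "12.5",
    "Safari": "15.6",
    "tvOS": "15.6",
    "watchOS": "8.7",
}


def parse_version(text):
    """Turn '15.6.1' into (15, 6, 1); a trailing build tag such as ' (19G71)' is dropped."""
    core = text.strip().split()[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in core.split("."))


def is_patched(product, version):
    """True when version is at or above the fixed version for product.

    Raises KeyError for products not covered by the advisory table so that
    an unknown product is never silently reported as safe.
    """
    fixed = parse_version(FIXED_VERSIONS[product])
    have = parse_version(version)
    # Pad the shorter tuple with zeros so that (15, 6) compares equal to (15, 6, 0).
    width = max(len(fixed), len(have))
    fixed += (0,) * (width - len(fixed))
    have += (0,) * (width - len(have))
    return have >= fixed


def find_vulnerable(inventory):
    """Return (hostname, product, version) for every device below its fixed version."""
    return [
        (host, product, version)
        for host, product, version in inventory
        if not is_patched(product, version)
    ]


# Constructed sample inventory: (hostname, product, version reported by the device).
SAMPLE_INVENTORY = [
    ("mac-01", "macOS Monterey", "12.4"),
    ("mac-02", "macOS Monterey", "12.6.1"),
    ("phone-01", "iOS", "15.5"),
    ("phone-02", "iOS", "15.6.1 (19G82)"),
    ("phone-03", "iOS", "16.0"),
    ("watch-01", "watchOS", "8.6"),
    ("tv-01", "tvOS", "15.10"),
]

if __name__ == "__main__":
    for host, product, version in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below {FIXED_VERSIONS[product]}, update required")
```

Run against the sample inventory it reports mac-01, phone-01 and watch-01; the KeyError on an unlisted product (for example a macOS Big Sur host) is deliberate, since that case needs a human to decide which Safari or OS release applies rather than a silent pass.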

Sources

  1. NVD - CVE-2022-48503
     Reference entry for the vulnerability, pointing to the CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48503 (Reference CI…)

  2. cve-2022-48503 - NVD
     Description: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey ...

  3. CVE-2022-48503 - Exploits & Severity - Feedly
     Impact: An attacker could potentially execute arbitrary code by exploiting improper control of code generation and inadequate array index validation. ... Feedly found the first article mentioning CVE-2022-48503 (Apple Support, 17 months earlier). Quoted from Apple's cumulative bulletin: "Impact: An app with root privileges may be able to execute arbitrar…"

  4. CVE-2022-48503 Description, Impact and Technical Details
     CVE-2022-48503 is a vulnerability affecting multiple Apple operating systems, including tvOS 15.6, watchOS 8.7, iOS 15.6, iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6. The issue stems from insufficient bounds checks, which can allow an attacker to execute arbitrary code while processing web con…

  5. CVE-2022-48503 · GitHub Advisory Database
     The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey ...

  6. Known Exploited Vulnerabilities Catalog | CISA
     CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their ...