CVE-2022-26765: Race Condition
First published: Mon May 16 2022(Updated: )
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Credit: Linus Henze Pinauten GmbHLinus Henze Pinauten GmbHLinus Henze Pinauten GmbHLinus Henze Pinauten GmbH product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <8.6 | 8.6 |
| Apple tvOS | <15.5 | 15.5 |
| <12.4 | 12.4 | |
| Apple iOS | <15.5 | 15.5 |
| Apple iPadOS | <15.5 | 15.5 |
| Apple iPadOS | <15.5 | |
| Apple iPhone OS | <15.5 | |
| Apple macOS | >=12.0<12.4 | |
| Apple tvOS | <15.5 | |
| Apple watchOS | <8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-26702
- CVE-2022-22675
- CVE-2022-26763
- CVE-2022-26711
- CVE-2022-26768
- CVE-2022-26771
- CVE-2022-26714
- CVE-2022-26757
- CVE-2022-26764
- CVE-2022-26765
- CVE-2022-26706
- CVE-2022-26775
- CVE-2022-26708
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-23308
- CVE-2022-26766
- CVE-2022-26726
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26717
- CVE-2022-26716
- CVE-2022-26719
- CVE-2022-26745
- CVE-2022-26724
- CVE-2022-26736
- CVE-2022-26737
- CVE-2022-26738
- CVE-2022-26739
- CVE-2022-26740
- CVE-2022-26701
- CVE-2022-26772
- CVE-2022-26741
- CVE-2022-26742
- CVE-2022-26749
- CVE-2022-26750
- CVE-2022-26752
- CVE-2022-26753
- CVE-2022-26754
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-26751
- CVE-2022-26707
- CVE-2022-26697
- CVE-2022-26698
- CVE-2022-32783
- CVE-2022-26694
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-32781
- CVE-2022-26725
- CVE-2022-26720
- CVE-2022-26769
- CVE-2022-26770
- CVE-2022-26748
- CVE-2022-26756
- CVE-2022-26758
- CVE-2022-26743
- CVE-2022-26767
- CVE-2022-32882
- CVE-2022-0778
- CVE-2022-48575
- CVE-2022-32794
- CVE-2022-22617
- CVE-2022-26712
- CVE-2022-26727
- CVE-2022-32782
- CVE-2022-26693
- CVE-2022-26746
- CVE-2022-26731
- CVE-2022-26715
- CVE-2022-26718
- CVE-2022-26723
- CVE-2022-26728
- CVE-2022-26704
- CVE-2022-42857
- CVE-2022-26755
- CVE-2022-26696
- CVE-2022-22677
- CVE-2022-26761
- CVE-2022-26762
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
- CVE-2022-26744
- CVE-2022-22673
- CVE-2022-26703
- CVE-2022-26760
- CVE-2015-4142
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2022-26765.
What is the title of this vulnerability?
The title of this vulnerability is Kernel. A race condition was addressed with improved state handling.
What is the affected software?
The affected software includes Apple watchOS 8.6, Apple tvOS 15.5, macOS Monterey 12.4, Apple iOS 15.5, and Apple iPadOS 15.5.
How severe is this vulnerability?
The severity of this vulnerability is not specified.
How can I fix this vulnerability?
You can fix this vulnerability by updating your software to the specified remedy versions provided by Apple.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- agent/software-canonical-lookup-request
- source/Apple
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/apple
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple macos monterey
- canonical/apple ios
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/12.0